
Pests of all kinds and how to fight them: Claro Search

15.11.2012, 20:23   #1
HAK

Claro Search

Hello,
my name is Heiko and apparently I have also become a victim of "Claro Search". I just noticed that whenever Firefox starts, Claro Search is loaded as the start page; even after changing it in the settings, this start page still appears.

Furthermore, this afternoon I was waiting for some important emails, which Thunderbird did not download, however. They are there online, but not in Thunderbird. I was glad that at least the confirmation link for the Trojaner-Board arrived.

I hope to follow all the steps correctly, as I am not all that tech-savvy. On top of that I have a full-time job, am building a house and have 2 small children, so please don't be upset if it sometimes takes a little longer.

Now for the requested information:

Step 1:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:18 on 15/11/2012 (Heiko)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


Step 2:

OTL logfile created on: 15.11.2012 21:24:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 71,13% Memory free
5,99 Gb Paging File | 4,94 Gb Available in Paging File | 82,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 101,88 Gb Total Space | 44,97 Gb Free Space | 44,14% Space Free | Partition Type: NTFS
Drive D: | 181,12 Gb Total Space | 5,10 Gb Free Space | 2,82% Space Free | Partition Type: NTFS
Drive J: | 4,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.15 21:20:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.11.15 15:41:20 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.15 15:41:09 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.15 15:41:09 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.08.21 15:56:40 | 000,042,496 | ---- | M] () -- C:\Program Files\phonostar-Player\phonostarTimer.exe
PRC - [2012.07.03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.01.04 19:20:50 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.09.16 00:16:48 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2011.09.16 00:16:44 | 000,322,784 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.23 18:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
PRC - [2011.01.23 18:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.04.14 14:08:12 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeccoms.exe
PRC - [2010.04.14 14:08:05 | 000,193,192 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxecserv.exe
PRC - [2009.09.08 00:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.09.07 11:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009.08.23 05:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.08.19 10:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.19 10:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009.08.06 08:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe


========== Modules (No Company Name) ==========

MOD - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2012.10.11 12:17:06 | 002,069,528 | ---- | M] () -- c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012.08.21 15:56:40 | 000,042,496 | ---- | M] () -- C:\Program Files\phonostar-Player\phonostarTimer.exe
MOD - [2012.06.16 14:11:12 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.15 21:30:54 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012.06.15 21:30:44 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.15 21:29:57 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.15 21:29:49 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.10 07:20:56 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.10 07:15:38 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 07:15:36 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.05.10 07:14:37 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 07:14:33 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 07:14:31 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 07:14:20 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011.09.16 00:18:06 | 000,028,672 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll
MOD - [2011.09.16 00:18:04 | 000,114,688 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\de-DE\Memeo.Client.UI.resources.dll
MOD - [2011.09.16 00:17:06 | 002,888,416 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2011.09.16 00:17:04 | 000,025,824 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2011.09.16 00:16:44 | 000,322,784 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
MOD - [2011.01.23 18:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
MOD - [2011.01.23 18:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.04.05 19:52:36 | 000,504,293 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\sqlite3.DLL
MOD - [2010.04.05 19:52:18 | 000,053,248 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Mono.Nat.dll
MOD - [2010.04.05 04:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\Epwizard.DLL
MOD - [2010.04.05 04:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\customui.dll
MOD - [2010.04.05 04:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\Epfunct.DLL
MOD - [2010.04.05 04:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\Eputil.DLL
MOD - [2010.04.05 04:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\Imagutil.DLL
MOD - [2010.04.01 11:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecDRS.dll
MOD - [2010.04.01 11:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecscw.dll
MOD - [2009.08.18 15:54:22 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.07.20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2009.06.23 05:11:04 | 000,102,400 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\EPOEMDll.dll
MOD - [2009.06.23 05:10:29 | 000,045,056 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epstring.dll
MOD - [2009.06.23 05:09:11 | 002,203,648 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\EPWizRes.dll
MOD - [2009.05.27 06:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxecdatr.dll
MOD - [2009.05.06 07:06:57 | 000,167,936 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeeprpr.dll
MOD - [2009.04.28 08:56:29 | 000,024,064 | ---- | M] () -- C:\Windows\System32\LXECsmr.dll
MOD - [2009.04.23 10:00:35 | 000,344,064 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeecomx.dll
MOD - [2009.04.20 00:57:37 | 006,250,496 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeeprpb.dll
MOD - [2009.04.20 00:50:39 | 001,183,744 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeeprp.dll
MOD - [2009.04.20 00:46:17 | 000,081,920 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeegcfg.dll
MOD - [2009.04.07 13:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\iptk.dll
MOD - [2009.03.30 12:18:48 | 000,165,888 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeedrui.dll
MOD - [2009.03.23 12:26:10 | 000,819,200 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeeptpc.dll
MOD - [2009.03.09 23:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009.03.02 08:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecptp.dll
MOD - [2009.02.20 09:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\System32\LXECsm.dll
MOD - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2012.11.15 15:41:20 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.15 15:41:09 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.14 13:41:09 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.29 21:14:48 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2011.09.16 00:16:48 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010.05.02 22:34:28 | 005,027,328 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files\wLite\wService.exe -- (wxpSvc)
SRV - [2010.04.14 14:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeccoms.exe -- (lxec_device)
SRV - [2010.04.14 14:08:05 | 000,193,192 | ---- | M] () [Auto | Running] -- C:\windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2012.11.15 15:41:23 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.11.15 15:41:23 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.15 15:41:23 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.09.01 09:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.17 04:31:38 | 001,176,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007.03.27 17:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=4612_5&babsrc=SP_ss&mntrId=a4df80400000000000000626b69b035f
IE - HKCU\..\SearchScopes\{1DEEDA9F-57A9-4803-A3C2-D3862316CA3C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=765E4CF7-9C1D-4C18-A593-118EE2FFDE16&apn_sauid=713E6AC3-50A2-4D8A-97AE-AF952FF3477D
IE - HKCU\..\SearchScopes\{EF333FFC-B473-4DD7-8C36-56DD3B14D627}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=KW_ss&mntrId=a4df80400000000000000626b69b035f&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\phonostar-Player\npphonostarDetectNP.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 20:18:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 20:18:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 20:18:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 20:18:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.29 21:14:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.29 21:14:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.11.15 14:03:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 20:18:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 20:18:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.29 21:14:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.29 21:14:47 | 000,000,000 | ---D | M]

[2010.01.12 18:43:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.01.12 18:43:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.15 14:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\q0wdlyrj.default\extensions
[2012.10.11 21:59:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\q0wdlyrj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.23 19:42:09 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\q0wdlyrj.default\extensions\toolbar@ask.com
[2012.01.04 19:17:04 | 000,002,333 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\q0wdlyrj.default\searchplugins\askcom.xml
[2012.11.15 14:03:02 | 000,002,514 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\q0wdlyrj.default\searchplugins\browsemngr.xml
[2012.10.29 20:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.11.15 14:03:03 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.796.11\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION
[2012.10.29 20:18:45 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.26 09:48:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.15 14:02:47 | 000,006,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.09.12 09:59:34 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.26 09:48:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.26 09:48:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.26 09:48:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.26 09:48:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [lxecmon.exe] C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [phonostar-PlayerTimer] C:\Program Files\phonostar-Player\phonostarTimer.exe ()
O4 - HKCU..\Run: [phonostarTimer] C:\Program Files\phonostar-Player\phonostarTimer.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 10.6.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0DAA513-F05A-479B-9049-8F50547CF3D3}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D24FC75C-5E3A-4CD8-BCAC-AF5D2F431E78}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.04.09 07:20:38 | 000,000,055 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5a47c95e-af19-11e0-b834-00245423fdbc}\Shell - "" = AutoRun
O33 - MountPoints2\{5a47c95e-af19-11e0-b834-00245423fdbc}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{cd314f57-5bf7-11e1-ba49-00245423fdbc}\Shell - "" = AutoRun
O33 - MountPoints2\{cd314f57-5bf7-11e1-ba49-00245423fdbc}\Shell\AutoRun\command - "" = J:\SecureDrive.exe -- [2011.06.29 10:01:40 | 004,537,856 | R--- | M] ()
O33 - MountPoints2\{eb6434e1-3e87-11df-808e-00245423fdbc}\Shell - "" = AutoRun
O33 - MountPoints2\{eb6434e1-3e87-11df-808e-00245423fdbc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SecureDrive.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.15 21:20:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.15 14:03:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012.11.15 14:03:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Claro
[2012.11.15 14:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.11.15 14:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\Claro LTD
[2012.11.15 14:02:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Babylon
[2012.11.15 14:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.11.15 14:02:37 | 000,086,528 | ---- | C] (pdfforge GbR) -- C:\windows\System32\pdfcmon.dll
[2012.11.15 14:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.11.15 08:22:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2012.11.15 08:16:33 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2012.11.15 08:16:33 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2012.11.15 08:16:33 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2012.11.15 08:16:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012.11.15 08:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.10.29 21:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.10.29 20:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\***\AppData\Local\CDRip.dll
[2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\***\AppData\Local\No23 Recorder.exe
[2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\***\AppData\Local\basscd.dll
[2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\***\AppData\Local\bass.dll

========== Files - Modified Within 30 Days ==========

[2012.11.15 21:20:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.15 21:18:12 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.11.15 21:16:43 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.11.15 21:15:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.11.15 21:06:00 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001UA.job
[2012.11.15 21:06:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001Core.job
[2012.11.15 18:25:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.11.15 15:50:47 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 15:50:47 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 15:43:09 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.15 15:41:23 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2012.11.15 15:41:23 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2012.11.15 15:41:23 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2012.11.15 14:02:40 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.11.15 14:02:40 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.11.15 08:16:40 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.14 12:17:49 | 000,488,268 | ---- | M] () -- C:\Users\***\Documents\14-11-2012 12;17;49.PDF
[2012.11.14 12:10:14 | 000,491,552 | ---- | M] () -- C:\Users\***\Documents\14-11-2012 12;10;13.PDF
[2012.11.12 19:59:14 | 000,077,271 | ---- | M] () -- C:\Users\***\Documents\12-11-2012 19;59;05.RTF
[2012.11.12 19:39:22 | 000,012,887 | ---- | M] () -- C:\Users\***\Documents\12-11-2012 19;39;14.RTF
[2012.11.12 19:20:14 | 000,012,731 | ---- | M] () -- C:\Users\***\Documents\12-11-2012 19;19;58.RTF
[2012.11.06 20:42:29 | 000,659,238 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.11.06 20:42:29 | 000,620,384 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.11.06 20:42:29 | 000,132,776 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.11.06 20:42:29 | 000,108,566 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.11.05 20:53:55 | 000,011,731 | ---- | M] () -- C:\Users\***\Documents\05-11-2012 20;53;49.RTF
[2012.11.05 19:51:03 | 000,013,013 | ---- | M] () -- C:\Users\***\Documents\05-11-2012 19;50;54.RTF
[2012.11.05 19:50:03 | 000,010,947 | ---- | M] () -- C:\Users\***\Documents\05-11-2012 19;49;54.RTF
[2012.11.02 18:25:09 | 000,011,100 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 18;25;02.RTF
[2012.11.02 18:16:12 | 000,013,085 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 18;16;05.RTF
[2012.11.02 17:55:57 | 000,012,927 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;55;50.RTF
[2012.11.02 17:44:52 | 002,276,311 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;44;28.RTF
[2012.11.02 17:43:45 | 000,010,437 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;43;38.RTF
[2012.11.02 17:39:10 | 003,894,087 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;38;45.RTF
[2012.11.01 21:28:40 | 003,800,188 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;28;16.RTF
[2012.11.01 21:25:12 | 000,009,125 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;24;52.RTF
[2012.11.01 21:21:47 | 002,121,180 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;21;41.RTF
[2012.11.01 21:19:46 | 003,388,506 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;18;59.RTF
[2012.10.21 09:52:50 | 000,015,522 | ---- | M] () -- C:\Users\***\Documents\21-10-2012 10;52;39.RTF
[2012.10.18 21:52:37 | 000,075,084 | ---- | M] () -- C:\Users\***\Documents\18-10-2012 21;12;14.RTF
[2012.10.18 21:15:33 | 001,939,472 | ---- | M] () -- C:\Users\***\Documents\18-10-2012 21;13;03.RTF
[2012.10.18 19:43:07 | 003,222,752 | ---- | M] () -- C:\Users\***\Documents\18-10-2012 20;43;06.PDF

========== Files Created - No Company Name ==========

[2012.11.15 21:18:12 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.11.15 21:16:43 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.11.15 14:02:40 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.11.15 14:02:40 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.11.15 08:16:40 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.14 12:17:49 | 000,488,268 | ---- | C] () -- C:\Users\***\Documents\14-11-2012 12;17;49.PDF
[2012.11.14 12:10:13 | 000,491,552 | ---- | C] () -- C:\Users\***\Documents\14-11-2012 12;10;13.PDF
[2012.11.12 19:59:13 | 000,077,271 | ---- | C] () -- C:\Users\***\Documents\12-11-2012 19;59;05.RTF
[2012.11.12 19:39:21 | 000,012,887 | ---- | C] () -- C:\Users\***\Documents\12-11-2012 19;39;14.RTF
[2012.11.12 19:20:14 | 000,012,731 | ---- | C] () -- C:\Users\***\Documents\12-11-2012 19;19;58.RTF
[2012.11.05 20:53:55 | 000,011,731 | ---- | C] () -- C:\Users\***\Documents\05-11-2012 20;53;49.RTF
[2012.11.05 19:51:02 | 000,013,013 | ---- | C] () -- C:\Users\***\Documents\05-11-2012 19;50;54.RTF
[2012.11.05 19:50:02 | 000,010,947 | ---- | C] () -- C:\Users\***\Documents\05-11-2012 19;49;54.RTF
[2012.11.02 18:25:08 | 000,011,100 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 18;25;02.RTF
[2012.11.02 18:16:11 | 000,013,085 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 18;16;05.RTF
[2012.11.02 17:55:56 | 000,012,927 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;55;50.RTF
[2012.11.02 17:44:51 | 002,276,311 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;44;28.RTF
[2012.11.02 17:43:44 | 000,010,437 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;43;38.RTF
[2012.11.02 17:39:09 | 003,894,087 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;38;45.RTF
[2012.11.01 21:28:39 | 003,800,188 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;28;16.RTF
[2012.11.01 21:25:12 | 000,009,125 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;24;52.RTF
[2012.11.01 21:21:47 | 002,121,180 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;21;41.RTF
[2012.11.01 21:19:46 | 003,388,506 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;18;59.RTF
[2012.10.21 09:52:50 | 000,015,522 | ---- | C] () -- C:\Users\***\Documents\21-10-2012 10;52;39.RTF
[2012.10.18 20:13:07 | 001,939,472 | ---- | C] () -- C:\Users\***\Documents\18-10-2012 21;13;03.RTF
[2012.10.18 20:12:27 | 000,075,084 | ---- | C] () -- C:\Users\***\Documents\18-10-2012 21;12;14.RTF
[2012.10.18 19:43:06 | 003,222,752 | ---- | C] () -- C:\Users\***\Documents\18-10-2012 20;43;06.PDF
[2011.10.19 10:23:53 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.01 17:09:34 | 000,040,960 | ---- | C] () -- C:\windows\System32\lxecvs.dll
[2011.10.01 17:09:32 | 000,442,368 | ---- | C] ( ) -- C:\windows\System32\lxeccoin.dll
[2011.10.01 17:09:30 | 000,294,912 | ---- | C] () -- C:\windows\System32\lxeccui.dll
[2011.10.01 17:09:30 | 000,110,592 | ---- | C] () -- C:\windows\System32\lxeccuir.dll
[2011.10.01 17:09:30 | 000,086,016 | ---- | C] () -- C:\windows\System32\lxecgcfg.dll
[2011.10.01 17:07:56 | 000,847,872 | ---- | C] ( ) -- C:\windows\System32\lxecusb1.dll
[2011.10.01 17:07:56 | 000,364,544 | ---- | C] ( ) -- C:\windows\System32\lxecinpa.dll
[2011.10.01 17:07:56 | 000,356,352 | ---- | C] ( ) -- C:\windows\System32\LXEChcp.dll
[2011.10.01 17:07:56 | 000,344,064 | ---- | C] ( ) -- C:\windows\System32\lxeciesc.dll
[2011.10.01 17:07:56 | 000,331,776 | ---- | C] () -- C:\windows\System32\LXECinst.dll
[2011.10.01 17:07:55 | 001,048,576 | ---- | C] ( ) -- C:\windows\System32\lxecserv.dll
[2011.10.01 17:07:55 | 000,802,816 | ---- | C] ( ) -- C:\windows\System32\lxeccomc.dll
[2011.10.01 17:07:55 | 000,688,128 | ---- | C] ( ) -- C:\windows\System32\lxechbn3.dll
[2011.10.01 17:07:55 | 000,643,072 | ---- | C] ( ) -- C:\windows\System32\lxecpmui.dll
[2011.10.01 17:07:55 | 000,598,696 | ---- | C] ( ) -- C:\windows\System32\lxeccoms.exe
[2011.10.01 17:07:55 | 000,577,536 | ---- | C] ( ) -- C:\windows\System32\lxeclmpm.dll
[2011.10.01 17:07:55 | 000,373,416 | ---- | C] ( ) -- C:\windows\System32\lxeccfg.exe
[2011.10.01 17:07:55 | 000,372,736 | ---- | C] ( ) -- C:\windows\System32\lxeccomm.dll
[2011.10.01 17:07:55 | 000,324,264 | ---- | C] ( ) -- C:\windows\System32\lxecih.exe
[2011.10.01 17:07:55 | 000,323,584 | ---- | C] () -- C:\windows\System32\lxecins.dll
[2011.10.01 17:07:55 | 000,262,144 | ---- | C] () -- C:\windows\System32\lxecinsb.dll
[2011.10.01 17:07:55 | 000,253,952 | ---- | C] () -- C:\windows\System32\lxeccu.dll
[2011.10.01 17:07:55 | 000,208,896 | ---- | C] () -- C:\windows\System32\lxecgrd.dll
[2011.10.01 17:07:55 | 000,114,688 | ---- | C] () -- C:\windows\System32\lxecinsr.dll
[2011.10.01 17:07:55 | 000,090,112 | ---- | C] () -- C:\windows\System32\lxeccub.dll
[2011.10.01 17:07:55 | 000,057,344 | ---- | C] () -- C:\windows\System32\lxecjswr.dll
[2011.10.01 17:07:55 | 000,036,864 | ---- | C] () -- C:\windows\System32\lxeccur.dll
[2011.10.01 17:04:32 | 000,299,008 | ---- | C] () -- C:\windows\System32\LXECsm.dll
[2011.10.01 17:04:32 | 000,024,064 | ---- | C] () -- C:\windows\System32\LXECsmr.dll
[2011.06.29 13:32:17 | 000,000,760 | ---- | C] () -- C:\Users\***\AppData\Roaming\setup_ldm.iss
[2011.06.22 21:12:34 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll
[2011.06.22 20:51:38 | 000,001,469 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml
[2011.06.07 11:45:01 | 000,002,120 | ---- | C] () -- C:\windows\System32\SETUP.INI
[2010.01.07 20:31:49 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\***\AppData\Local\lame_enc.dll
[2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\***\AppData\Local\vorbisenc.dll
[2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\***\AppData\Local\vorbisfile.dll
[2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\***\AppData\Local\vorbis.dll
[2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\***\AppData\Local\ogg.dll
[2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\***\AppData\Local\no23xwrapper.dll

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.06.22 21:41:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.10.06 05:53:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2012.11.15 14:02:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2010.02.11 21:05:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2011.06.22 19:38:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Chilirec
[2012.11.15 14:03:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Claro
[2011.06.22 19:11:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COWON
[2012.10.11 22:39:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.10.11 21:59:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.23 19:49:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.07.01 21:22:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Sound Recorder
[2010.03.04 22:06:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2010.03.04 21:35:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.05.04 22:36:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2010.10.16 21:40:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\innoPlus
[2010.02.24 20:40:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.06.22 21:14:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.09.27 19:54:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Memeo
[2012.09.05 19:33:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2010.02.24 20:47:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.11.15 14:02:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2010.01.21 21:57:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar GmbH
[2010.01.14 21:16:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rorig Software
[2010.01.12 18:43:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 15.11.2012 21:24:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 71,13% Memory free
5,99 Gb Paging File | 4,94 Gb Available in Paging File | 82,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 101,88 Gb Total Space | 44,97 Gb Free Space | 44,14% Space Free | Partition Type: NTFS
Drive D: | 181,12 Gb Total Space | 5,10 Gb Free Space | 2,82% Space Free | Partition Type: NTFS
Drive J: | 4,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EEC0D59-EE68-490B-B5DE-2FBAA34F4329}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2FB7862C-6C98-4BBD-9AFF-C5C047FAA327}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4A2058DD-9FA3-4C83-B05A-000748332063}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4F70DB99-C82E-4BA8-AF04-61E30C72B4CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{609B6FAB-8908-4E32-A36B-A3DC83FF685F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D370C8F-9804-4F4E-A782-7F8EFB77C770}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73D49BD8-61B5-47A5-B53F-53F16E463663}" = lport=445 | protocol=6 | dir=in | app=system |
"{73DB40F1-BF3D-4AD7-84DE-75A9B2808600}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A1EE899-841F-468F-B577-E44F186E64B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8F69250C-6C1E-4560-ABB0-68D7ACE6BB8C}" = rport=137 | protocol=17 | dir=out | app=system |
"{96B22D44-6677-4BA7-B9CA-D08054109C83}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9D8E3A18-BDB1-4118-934D-975CC2ED249C}" = rport=138 | protocol=17 | dir=out | app=system |
"{AD56E941-D9EB-4263-A82D-EA1E1C63F8D7}" = lport=138 | protocol=17 | dir=in | app=system |
"{B0CE2BC6-5C9D-4420-9515-2200C3D418EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B2DE2049-2329-4B85-B51B-7980D5CA1DCC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B924F32F-BF92-4E1E-A16E-7929B96F1AD1}" = rport=445 | protocol=6 | dir=out | app=system |
"{C6BE51F3-16B3-4CFE-B493-2ABBD70B0C08}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D9F5E18E-3A25-4FFB-97AC-0AC94BE2FE25}" = lport=137 | protocol=17 | dir=in | app=system |
"{DAA7E269-7266-49FE-9099-A3FC621C2E97}" = lport=139 | protocol=6 | dir=in | app=system |
"{DB840EBA-0C5B-4E03-B88E-E8F780753286}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E271FB7B-B146-43AA-9CF5-5756D6FBB90C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EEBD75F7-8819-42B0-9422-E8A355E39A14}" = rport=139 | protocol=6 | dir=out | app=system |
"{EF3259D3-9794-47D6-A342-86078E32FC8E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F9D36D89-1BBB-46D7-A0EB-5358719976F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08DE69FC-A6AF-415C-A61F-D49D36E7D8F6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{12C99DA2-3111-4ABF-A1EB-199A1FD20101}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{14DF5C51-04C8-4256-90A8-0AB520250722}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1936BFB2-4704-4685-AA1B-BB717D2C8E64}" = protocol=17 | dir=in | app=c:\program files\wlite\wservice.exe |
"{19E4BA90-6E26-4AF3-86EB-4FDBCB685AD6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1D4AF9BF-5D2E-4D6F-B3B6-0FEA7280B105}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{207EAB51-8D11-458F-9BF1-8AC49E2E760F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2666C3F1-AE28-4509-A95C-3A87DE959A14}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2721157E-68D7-48ED-B28B-EA910D30AFFC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{28CF7431-403B-4865-938B-D1AE8553321D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3508FCE9-7864-42F6-907F-4BA9A513FD3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{350B17B8-BF7E-49ED-9C89-F190EC3BFFCF}" = protocol=6 | dir=in | app=c:\program files\wlite\wlite.exe |
"{367D5E63-1CB5-4FC1-A4A6-046A7722CD73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{36A10E2B-2606-4D53-94CD-94996C6DB0F2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{36FD5AB5-3973-4292-A463-5500BE73836F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{3B61486F-DFD3-4469-980B-6906BAB7A5F6}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{42D4C7F4-5914-4106-8284-4E70D05CEA98}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{443055EF-18FC-4A93-AA08-ACE95BEA00CE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{63BF550D-54CB-49E1-9921-8EAF06AF7E4D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6E046D76-0D85-4AE1-8D60-36F49A3BC82B}" = protocol=17 | dir=in | app=c:\program files\wlite\wlite.exe |
"{70D81061-1455-41A6-8524-0CF8E0C8DB89}" = dir=in | app=c:\users\***\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{71CEB397-329A-4F72-89C6-1F939A52B0C4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7BB3BD07-67BC-461D-849D-250E5894BF4F}" = protocol=17 | dir=in | app=c:\program files\fritz!\fritz!fax\igd_finder.exe |
"{928AC0A3-7023-4BBD-A396-3941BB9FEE1A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{93F6B310-8D29-434F-9702-54454B9A11B8}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{9D2EF16F-6E1C-433C-9781-54BECA6FF2E0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BF7BE449-B839-4EA1-A31A-C9E58C68C54C}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{C7CEF5FD-6F9F-4585-9AB8-F751FAFF88C6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D620E2D0-DBF2-4AA0-9818-72B56DCF6175}" = protocol=6 | dir=in | app=c:\program files\fritz!\fritz!fax\igd_finder.exe |
"{DC9497AF-D9F2-431F-BB84-024BCBB808DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDF88DB5-E463-42A0-A117-12733B88522E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F284212B-6A57-49DF-BD7D-5D6785FB53FC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F30E5905-5E68-435F-AC44-19FADA8A7EB2}" = protocol=6 | dir=in | app=c:\program files\wlite\wservice.exe |
"{FB3D9E84-2957-405C-A04D-69188278874C}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{FDE96E9F-77C9-494F-8DE5-8F548F062055}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"TCP Query User{0B598442-2CC7-4120-AFD5-EDC756481767}C:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe |
"TCP Query User{0E501B6A-AE58-4B2B-9276-19543BFBF66D}C:\program files\medion\medion nas tool\medion nas tool.exe" = protocol=6 | dir=in | app=c:\program files\medion\medion nas tool\medion nas tool.exe |
"TCP Query User{283D0D29-309B-4B79-9DD8-4BD21C9CB0B5}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"TCP Query User{2DBA5005-5A7A-415B-8E2B-70FFFF3360AF}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{499F367C-E9BF-48DC-A4B3-1E4EAD3131A7}C:\program files\chilirec\chilirec.exe" = protocol=6 | dir=in | app=c:\program files\chilirec\chilirec.exe |
"TCP Query User{5DF4AFF1-995C-4775-B94D-597740B954A7}C:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp |
"TCP Query User{ABDBB55D-A19E-4532-9899-633F25AB64A5}C:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe |
"TCP Query User{D68012C9-15EB-450C-B212-2A995FE84A80}C:\program files\fritz!\fritz!fax\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\fritz!fax\frifax32.exe |
"TCP Query User{FB188029-B7FB-42DE-959C-A6257A947D53}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"UDP Query User{093ACB9C-DB16-4400-9061-8CC6032C0334}C:\program files\fritz!\fritz!fax\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\fritz!fax\frifax32.exe |
"UDP Query User{4BD994BB-BD0F-4762-B669-3407C2EF4215}C:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp |
"UDP Query User{6912860E-C822-4175-A7CF-CDFB4502AE45}C:\program files\medion\medion nas tool\medion nas tool.exe" = protocol=17 | dir=in | app=c:\program files\medion\medion nas tool\medion nas tool.exe |
"UDP Query User{7BE9F434-7D5E-499A-89E8-A3D967989370}C:\program files\chilirec\chilirec.exe" = protocol=17 | dir=in | app=c:\program files\chilirec\chilirec.exe |
"UDP Query User{85EDF902-D984-42BC-AD30-8FCADCF4D75B}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"UDP Query User{C9053275-24C8-490B-94B9-B734A13FF943}C:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe |
"UDP Query User{DB073AB2-B109-4407-A112-10B2265C8BDF}C:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe |
"UDP Query User{E5B68BA6-8777-47FF-B482-C5AC0F2BD632}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{E6632EE3-ACBC-40F1-B6F2-69DAE663D858}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{069B290F-5398-4629-A009-85B4BCB4B1B9}" = Claro Chrome Toolbar
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2899C5-8938-4232-98CC-7A075ECB3172}" = t@x 2010 Standard
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BE78E98-3600-4830-B41A-D7BEB828D2CB}_is1" = RGS Schulzeugnis 5
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8FBC9407-713D-4B8A-98D2-57210DA56049}" = MSN Toolbar
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"claro" = Claro LTD toolbar
"FileZilla Client" = FileZilla Client 3.5.3
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.26.1005
"Free Sound Recorder_is1" = Free Sound Recorder v9.4.1
"Free Studio_is1" = Free Studio version 5.7.5.1005
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"MEDION NAS TOOL" = MEDION NAS TOOL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"NVIDIA Drivers" = NVIDIA Drivers
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.6
"Sweet Home 3D_is1" = Sweet Home 3D version 2.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13.10.2012 14:29:25 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0
Description =

Error - 14.10.2012 13:46:07 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 14.10.2012 13:46:43 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 15.10.2012 11:20:13 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0
Description =

Error - 16.10.2012 14:38:04 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0
Description =

Error - 16.10.2012 16:40:57 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 16.10.2012 16:41:35 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 17.10.2012 00:43:52 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0
Description =

Error - 17.10.2012 22:24:56 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0
Description =

Error - 18.10.2012 10:16:34 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0
Description =

Error - 18.10.2012 10:35:36 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 18.10.2012 10:36:13 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 20.10.2012 00:27:19 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0
Description =

[ OSession Events ]
Error - 08.05.2011 14:45:25 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30
seconds with 0 seconds of active time. This session ended with a crash.

Error - 29.06.2011 08:20:04 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 29.06.2011 08:20:31 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error - 16.08.2011 14:07:51 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 15.11.2012 10:45:48 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error - 15.11.2012 10:45:51 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error - 15.11.2012 12:35:02 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error - 15.11.2012 13:27:11 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error - 15.11.2012 13:27:14 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error - 15.11.2012 13:27:18 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error - 15.11.2012 13:27:21 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error - 15.11.2012 14:43:19 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error - 15.11.2012 15:30:13 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error - 15.11.2012 15:47:19 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.


< End of report >

Sorry, that took a while. I should have completed the 3 steps before opening the thread.

I also remembered that the Avira download this morning ran at a snail's pace - normally I have an excellent connection.

Now on to step 3:


Step 3:

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-15 22:26:46
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: ykcz9hv8.exe; Driver: C:\Users\***\AppData\Local\Temp\ugloipoc.sys


---- System - GMER 1.0.15 ----

SSDT            90835636                                                          ZwCreateSection
SSDT            90835640                                                          ZwRequestWaitReplyPort
SSDT            9083563B                                                          ZwSetContextThread
SSDT            90835645                                                          ZwSetSecurityObject
SSDT            9083564A                                                          ZwSystemDebugControl
SSDT            908355D7                                                          ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwRollbackEnlistment + 1401                          830439C9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                            830634E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntoskrnl.exe!KeRemoveQueueEx + 14BF                               8306A87C 4 Bytes  [36, 56, 83, 90]
.text           ntoskrnl.exe!KeRemoveQueueEx + 181B                               8306ABD8 4 Bytes  [40, 56, 83, 90]
.text           ntoskrnl.exe!KeRemoveQueueEx + 185F                               8306AC1C 4 Bytes  [3B, 56, 83, 90] {CMP EDX, [ESI-0x7d]; NOP }
.text           ntoskrnl.exe!KeRemoveQueueEx + 18DB                               8306AC98 4 Bytes  [45, 56, 83, 90]
.text           ntoskrnl.exe!KeRemoveQueueEx + 192F                               8306ACEC 4 Bytes  [4A, 56, 83, 90]
.text           ...                                                               
.text           user32.dll!DialogBoxParamW                                        752D3B9B 5 Bytes  [E9, A0, 09, AB, FF] {JMP 0xffffffffffab09a5}

---- User code sections - GMER 1.0.15 ----

.text           C:\windows\system32\wininit.exe[492] USER32.dll!DialogBoxParamW   752D3B9B 5 Bytes  JMP 74D84540 c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
.text           C:\windows\system32\services.exe[544] USER32.dll!DialogBoxParamW  752D3B9B 5 Bytes  JMP 74D84540 c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
.text           C:\windows\system32\lsass.exe[560] USER32.dll!DialogBoxParamW     752D3B9B 5 Bytes  JMP 74D84540 c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
.text           C:\windows\system32\winlogon.exe[660] USER32.dll!DialogBoxParamW  752D3B9B 5 Bytes  JMP 74D84540 c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
.text           ...                                                               

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                           Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000049                                 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                          fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---


Many thanks in advance & hopefully until tomorrow.

Heiko

Last edited by HAK (15.11.2012 at 20:48) Reason: For OTL I had to close all programs.

Old 17.11.2012, 21:44   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Claro Search - Standard

Claro Search



Hello and

Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask immediately if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked!

  • Post the logfiles directly in your thread (in CODE tags, please) and not as attachments, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • Please also note => Deleting logfiles and other requests

Note:
If you haven't heard from me for three days, please post in this thread => Reminder for my thread.
Annoying "When's the next step" messages will end with your thread being closed. I too have a life outside the Trojaner-Board.


1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable the virus scanner before running aswMBR, because Avira in particular often reports a false positive on it!
  • Start aswMBR.exe (Vista and Win7 users: run aswMBR via right-click "Run as administrator")
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: do not press any of the Fix buttons without instructions. Note: If the Scan button is greyed out, close the tool and start it again. If it still doesn't work, please let me know.

One more note: if aswMBR crashes with a message like "aswMBR.exe has stopped working", do the following:
Restart aswMBR, select (none) in the drop-down menu at the bottom left of the aswMBR window under "AV scan", and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable the virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Configure the tool as shown in the picture below - click change parameters and set the checkboxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags objects, handle them all with the action "skip" and only post the log here!

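Both tools requested above print the disk's MBR partition table, but in different units: aswMBR gives sizes in MB and offsets in decimal sectors, TDSSKiller gives StartLBA and BlocksNum in hex, and the two do not number partitions the same way. The script below is an added example, not part of this thread and not code from either tool: it normalises both formats to (start sector, sector count), matches partitions by start sector, and reports where the tools agree and which partitions only one of them lists. The sample lines are excerpted from the aswMBR and TDSSKiller logs posted in the next reply; 512-byte sectors are assumed.

```python
"""Cross-check the partition tables printed by aswMBR and TDSSKiller.

Added example: not part of the thread and not code from either tool. aswMBR
prints partition sizes in MB and their offsets in decimal sectors; TDSSKiller
prints StartLBA and BlocksNum in hex. Normalising both to (start sector,
sector count) shows where the two tools agree and which partitions only one of
them lists. 512-byte sectors are assumed.
"""
import re

SECTOR_SIZE = 512
SECTORS_PER_MB = (1024 * 1024) // SECTOR_SIZE   # 2048

# Lines excerpted from the aswMBR and TDSSKiller logs posted in the next reply.
ASWMBR_SAMPLE = """
20:21:39.307    Disk 0 unknown MBR code
20:21:39.320    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
20:21:39.347    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
20:21:39.369    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       104321 MB offset 31664128
20:21:39.395    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       185462 MB offset 245313536
"""
TDSSKILLER_SAMPLE = r"""
20:31:27.0808 2480  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
20:31:27.0808 2480  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0xCBC0800
20:31:27.0808 2480  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE9F3000, BlocksNum 0x16A3B000
"""

# aswMBR: "Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS   100 MB offset 31459328"
ASWMBR_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<index>\d+)\s+(?P<boot>[0-9A-F]{2})\s+(?:\(A\)\s+)?"
    r"(?P<type>[0-9A-F]{2})\s+(?P<label>.*?)\s+(?P<mb>\d+) MB offset (?P<offset>\d+)"
)
# TDSSKiller: "\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000"
TDSS_RE = re.compile(
    r"\\Device\\Harddisk(?P<disk>\d+)\\DR\d+\\Partition(?P<index>\d+): MBR, Type 0x(?P<type>[0-9A-Fa-f]+), "
    r"StartLBA 0x(?P<start>[0-9A-Fa-f]+), BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)"
)


def parse_aswmbr(text: str) -> dict:
    """{start_sector: {...}} for every partition line aswMBR printed."""
    parts = {}
    for m in ASWMBR_RE.finditer(text):
        parts[int(m["offset"])] = {
            "tool": "aswMBR",
            "index": int(m["index"]),
            "type": int(m["type"], 16),
            "active": m["boot"] == "80",               # 0x80 boot flag, shown as (A)
            "label": m["label"],
            "sectors": int(m["mb"]) * SECTORS_PER_MB,  # MB is rounded, see compare()
        }
    return parts


def parse_tdsskiller(text: str) -> dict:
    """{start_sector: {...}} for every MBR partition line TDSSKiller printed."""
    parts = {}
    for m in TDSS_RE.finditer(text):
        parts[int(m["start"], 16)] = {
            "tool": "TDSSKiller",
            "index": int(m["index"]),
            "type": int(m["type"], 16),
            "sectors": int(m["blocks"], 16),
        }
    return parts


def mbr_code_unknown(aswmbr_text: str) -> bool:
    """aswMBR prints this when the boot code matches none of the loaders it knows."""
    return re.search(r"Disk \d+ unknown MBR code", aswmbr_text) is not None


def compare_partition_tables(aswmbr_text: str, tdss_text: str) -> dict:
    """Match partitions by start sector; sizes may differ by < 1 MB from aswMBR's rounding."""
    asw, tdss = parse_aswmbr(aswmbr_text), parse_tdsskiller(tdss_text)
    result = {"matching": [], "mismatch": [], "only_aswmbr": [], "only_tdsskiller": []}
    for start in sorted(set(asw) | set(tdss)):
        if start in asw and start in tdss:
            same_type = asw[start]["type"] == tdss[start]["type"]
            same_size = abs(asw[start]["sectors"] - tdss[start]["sectors"]) < SECTORS_PER_MB
            result["matching" if same_type and same_size else "mismatch"].append(start)
        elif start in asw:
            result["only_aswmbr"].append(start)
        else:
            result["only_tdsskiller"].append(start)
    return result


if __name__ == "__main__":
    print("unknown MBR code flagged:", mbr_code_unknown(ASWMBR_SAMPLE))
    for key, starts in compare_partition_tables(ASWMBR_SAMPLE, TDSSKILLER_SAMPLE).items():
        print(f"{key:16s}", [f"start sector {s} ({s // SECTORS_PER_MB} MB in)" for s in starts])
```

On these samples the three NTFS partitions match exactly by start sector and size, and the only difference is the hidden type 0x27 WinRE partition at sector 2048, which aswMBR lists as "Partition 1" but TDSSKiller does not print at all; TDSSKiller's "Partition1" is aswMBR's "Partition 2", which is why matching by index would mislead and matching by start sector does not. The "unknown MBR code" flag means aswMBR did not recognise the boot code; custom OEM recovery loaders can produce it too (this machine has Samsung Recovery Solution installed, per the uninstall list), so treat it as a prompt to look at the MBR.dat aswMBR saved, not as a verdict on its own.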

Old 18.11.2012, 20:07   #3
HAK
 
Claro Search - Standard

Claro Search



1. aswMBR

The scan did not run for me in the preset mode. The scan stopped at the Temporary Internet Files position; a second run gave the same result.

I then selected the (none) setting in the AV scan drop-down and got the following log:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-18 20:21:18
-----------------------------
20:21:18.582    OS Version: Windows 6.1.7601 Service Pack 1
20:21:18.582    Number of processors: 2 586 0x170A
20:21:18.583    ComputerName: ***-PC  UserName: ***
20:21:19.206    Initialize success
20:21:27.131    AVAST engine defs: 12111801
20:21:39.202    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:21:39.205    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
20:21:39.294    Disk 0 MBR read successfully
20:21:39.299    Disk 0 MBR scan
20:21:39.307    Disk 0 unknown MBR code
20:21:39.320    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
20:21:39.347    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
20:21:39.369    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       104321 MB offset 31664128
20:21:39.395    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       185462 MB offset 245313536
20:21:39.407    Disk 0 scanning sectors +625139712
20:21:39.506    Disk 0 scanning C:\windows\system32\drivers
20:21:57.832    Service scanning
20:22:21.112    Modules scanning
20:22:37.381    Disk 0 trace - called modules:
20:22:37.414    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
20:22:37.419    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86dd31f0]
20:22:37.428    3 CLASSPNP.SYS[8c7a059e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f8c028]
20:22:37.435    Scan finished successfully
20:23:15.691    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
20:23:15.697    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
         

2. TDSS-Killer


I got the following log:

Code:
20:31:27.0059 2480  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:31:27.0325 2480  ============================================================
20:31:27.0325 2480  Current date / time: 2012/11/18 20:31:27.0325
20:31:27.0325 2480  SystemInfo:
20:31:27.0325 2480  
20:31:27.0325 2480  OS Version: 6.1.7601 ServicePack: 1.0
20:31:27.0325 2480  Product type: Workstation
20:31:27.0325 2480  ComputerName: ***-PC
20:31:27.0325 2480  UserName: ***
20:31:27.0325 2480  Windows directory: C:\windows
20:31:27.0325 2480  System windows directory: C:\windows
20:31:27.0325 2480  Processor architecture: Intel x86
20:31:27.0325 2480  Number of processors: 2
20:31:27.0325 2480  Page size: 0x1000
20:31:27.0325 2480  Boot type: Normal boot
20:31:27.0325 2480  ============================================================
20:31:27.0761 2480  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:31:27.0808 2480  Drive \Device\Harddisk1\DR1 - Size: 0xEE800000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:31:27.0808 2480  ============================================================
20:31:27.0808 2480  \Device\Harddisk0\DR0:
20:31:27.0808 2480  MBR partitions:
20:31:27.0808 2480  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
20:31:27.0808 2480  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0xCBC0800
20:31:27.0808 2480  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE9F3000, BlocksNum 0x16A3B000
20:31:27.0808 2480  \Device\Harddisk1\DR1:
20:31:27.0808 2480  MBR partitions:
20:31:27.0808 2480  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x773FC1
20:31:27.0808 2480  ============================================================
20:31:27.0855 2480  C: <-> \Device\Harddisk0\DR0\Partition2
20:31:27.0902 2480  D: <-> \Device\Harddisk0\DR0\Partition3
20:31:27.0902 2480  ============================================================
20:31:27.0902 2480  Initialize success
20:31:27.0902 2480  ============================================================
20:31:51.0848 4892  ============================================================
20:31:51.0848 4892  Scan started
20:31:51.0848 4892  Mode: Manual; SigCheck; TDLFS; 
20:31:51.0848 4892  ============================================================
20:31:52.0238 4892  ================ Scan system memory ========================
20:31:52.0238 4892  System memory - ok
20:31:52.0238 4892  ================ Scan services =============================
20:31:52.0425 4892  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
20:31:52.0550 4892  1394ohci - ok
20:31:52.0675 4892  ACDaemon - ok
20:31:52.0722 4892  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\windows\system32\drivers\ACPI.sys
20:31:52.0737 4892  ACPI - ok
20:31:52.0815 4892  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
20:31:52.0893 4892  AcpiPmi - ok
20:31:52.0987 4892  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:31:53.0018 4892  AdobeFlashPlayerUpdateSvc - ok
20:31:53.0065 4892  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
20:31:53.0096 4892  adp94xx - ok
20:31:53.0112 4892  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
20:31:53.0143 4892  adpahci - ok
20:31:53.0143 4892  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
20:31:53.0174 4892  adpu320 - ok
20:31:53.0190 4892  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
20:31:53.0252 4892  AeLookupSvc - ok
20:31:53.0299 4892  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\windows\system32\drivers\afd.sys
20:31:53.0361 4892  AFD - ok
20:31:53.0392 4892  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\windows\system32\drivers\agp440.sys
20:31:53.0424 4892  agp440 - ok
20:31:53.0455 4892  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\windows\system32\DRIVERS\djsvs.sys
20:31:53.0470 4892  aic78xx - ok
20:31:53.0502 4892  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\windows\System32\alg.exe
20:31:53.0517 4892  ALG - ok
20:31:53.0548 4892  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\windows\system32\drivers\aliide.sys
20:31:53.0564 4892  aliide - ok
20:31:53.0564 4892  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\windows\system32\drivers\amdagp.sys
20:31:53.0595 4892  amdagp - ok
20:31:53.0611 4892  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\windows\system32\drivers\amdide.sys
20:31:53.0626 4892  amdide - ok
20:31:53.0673 4892  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
20:31:53.0720 4892  AmdK8 - ok
20:31:53.0720 4892  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
20:31:53.0751 4892  AmdPPM - ok
20:31:53.0798 4892  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\windows\system32\drivers\amdsata.sys
20:31:53.0814 4892  amdsata - ok
20:31:53.0845 4892  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
20:31:53.0860 4892  amdsbs - ok
20:31:53.0876 4892  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\windows\system32\drivers\amdxata.sys
20:31:53.0892 4892  amdxata - ok
20:31:54.0001 4892  [ A5569C4429D1C5494049FBFE2B2D20FF ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:31:54.0032 4892  AntiVirSchedulerService - ok
20:31:54.0063 4892  [ CB7EA00A4E70DF6828EBB68633D000D2 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:31:54.0079 4892  AntiVirService - ok
20:31:54.0126 4892  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\windows\system32\drivers\appid.sys
20:31:54.0172 4892  AppID - ok
20:31:54.0204 4892  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\windows\System32\appidsvc.dll
20:31:54.0282 4892  AppIDSvc - ok
20:31:54.0313 4892  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\windows\System32\appinfo.dll
20:31:54.0344 4892  Appinfo - ok
20:31:54.0391 4892  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\windows\system32\DRIVERS\arc.sys
20:31:54.0406 4892  arc - ok
20:31:54.0422 4892  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
20:31:54.0438 4892  arcsas - ok
20:31:54.0453 4892  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
20:31:54.0500 4892  AsyncMac - ok
20:31:54.0547 4892  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\windows\system32\drivers\atapi.sys
20:31:54.0562 4892  atapi - ok
20:31:54.0625 4892  [ 2EB96571FE865F07ED1FD6017575026F ] athr            C:\windows\system32\DRIVERS\athr.sys
20:31:54.0703 4892  athr - ok
20:31:54.0765 4892  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
20:31:54.0812 4892  AudioEndpointBuilder - ok
20:31:54.0843 4892  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\windows\System32\Audiosrv.dll
20:31:54.0874 4892  Audiosrv - ok
20:31:54.0952 4892  [ 680B3A1BE559B5D5AAC04C7949469DD6 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
20:31:54.0968 4892  avgntflt - ok
20:31:55.0015 4892  [ 6B289080B9752DAD39C1C2B98B479DCE ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
20:31:55.0030 4892  avipbb - ok
20:31:55.0062 4892  [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
20:31:55.0093 4892  avkmgr - ok
20:31:55.0140 4892  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\windows\System32\AxInstSV.dll
20:31:55.0249 4892  AxInstSV - ok
20:31:55.0296 4892  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\windows\system32\DRIVERS\bxvbdx.sys
20:31:55.0342 4892  b06bdrv - ok
20:31:55.0374 4892  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
20:31:55.0389 4892  b57nd60x - ok
20:31:55.0452 4892  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\windows\System32\bdesvc.dll
20:31:55.0514 4892  BDESVC - ok
20:31:55.0545 4892  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\windows\system32\drivers\Beep.sys
20:31:55.0576 4892  Beep - ok
20:31:55.0639 4892  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\windows\System32\bfe.dll
20:31:55.0717 4892  BFE - ok
20:31:55.0764 4892  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\windows\System32\qmgr.dll
20:31:55.0810 4892  BITS - ok
20:31:55.0826 4892  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
20:31:55.0857 4892  blbdrive - ok
20:31:55.0888 4892  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
20:31:55.0920 4892  bowser - ok
20:31:55.0951 4892  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
20:31:56.0029 4892  BrFiltLo - ok
20:31:56.0060 4892  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
20:31:56.0076 4892  BrFiltUp - ok
20:31:56.0107 4892  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\windows\System32\browser.dll
20:31:56.0169 4892  Browser - ok
20:31:56.0356 4892  [ 52BE156F6C23B2995AFACE7091D18493 ] Browser Manager C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
20:31:56.0528 4892  Browser Manager - ok
20:31:56.0575 4892  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\windows\System32\Drivers\Brserid.sys
20:31:56.0622 4892  Brserid - ok
20:31:56.0637 4892  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
20:31:56.0668 4892  BrSerWdm - ok
20:31:56.0684 4892  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
20:31:56.0715 4892  BrUsbMdm - ok
20:31:56.0731 4892  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
20:31:56.0778 4892  BrUsbSer - ok
20:31:56.0824 4892  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
20:31:56.0856 4892  BTHMODEM - ok
20:31:56.0902 4892  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\windows\system32\bthserv.dll
20:31:56.0949 4892  bthserv - ok
20:31:56.0965 4892  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
20:31:57.0027 4892  cdfs - ok
20:31:57.0074 4892  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
20:31:57.0121 4892  cdrom - ok
20:31:57.0183 4892  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\windows\System32\certprop.dll
20:31:57.0214 4892  CertPropSvc - ok
20:31:57.0246 4892  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
20:31:57.0261 4892  circlass - ok
20:31:57.0308 4892  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\windows\system32\CLFS.sys
20:31:57.0339 4892  CLFS - ok
20:31:57.0417 4892  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:31:57.0448 4892  clr_optimization_v2.0.50727_32 - ok
20:31:57.0526 4892  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:31:57.0558 4892  clr_optimization_v4.0.30319_32 - ok
20:31:57.0604 4892  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
20:31:57.0636 4892  CmBatt - ok
20:31:57.0651 4892  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\windows\system32\drivers\cmdide.sys
20:31:57.0682 4892  cmdide - ok
20:31:57.0714 4892  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\windows\system32\Drivers\cng.sys
20:31:57.0760 4892  CNG - ok
20:31:57.0792 4892  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
20:31:57.0807 4892  Compbatt - ok
20:31:57.0838 4892  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
20:31:57.0885 4892  CompositeBus - ok
20:31:57.0901 4892  COMSysApp - ok
20:31:57.0916 4892  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
20:31:57.0932 4892  crcdisk - ok
20:31:57.0994 4892  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\windows\system32\cryptsvc.dll
20:31:58.0041 4892  CryptSvc - ok
20:31:58.0088 4892  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\windows\system32\rpcss.dll
20:31:58.0150 4892  DcomLaunch - ok
20:31:58.0182 4892  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\windows\System32\defragsvc.dll
20:31:58.0228 4892  defragsvc - ok
20:31:58.0260 4892  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
20:31:58.0306 4892  DfsC - ok
20:31:58.0353 4892  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\windows\system32\dhcpcore.dll
20:31:58.0400 4892  Dhcp - ok
20:31:58.0431 4892  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\windows\system32\drivers\discache.sys
20:31:58.0462 4892  discache - ok
20:31:58.0494 4892  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\windows\system32\DRIVERS\disk.sys
20:31:58.0525 4892  Disk - ok
20:31:58.0556 4892  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\windows\System32\dnsrslvr.dll
20:31:58.0587 4892  Dnscache - ok
20:31:58.0634 4892  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\windows\System32\dot3svc.dll
20:31:58.0665 4892  dot3svc - ok
20:31:58.0712 4892  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\windows\system32\dps.dll
20:31:58.0759 4892  DPS - ok
20:31:58.0790 4892  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
20:31:58.0821 4892  drmkaud - ok
20:31:58.0868 4892  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
20:31:58.0899 4892  DXGKrnl - ok
20:31:58.0930 4892  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\windows\System32\eapsvc.dll
20:31:58.0962 4892  EapHost - ok
20:31:59.0071 4892  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\windows\system32\DRIVERS\evbdx.sys
20:31:59.0227 4892  ebdrv - ok
20:31:59.0258 4892  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\windows\System32\lsass.exe
20:31:59.0305 4892  EFS - ok
20:31:59.0367 4892  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
20:31:59.0445 4892  ehRecvr - ok
20:31:59.0476 4892  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\windows\ehome\ehsched.exe
20:31:59.0508 4892  ehSched - ok
20:31:59.0554 4892  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
20:31:59.0570 4892  elxstor - ok
20:31:59.0601 4892  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\windows\system32\drivers\errdev.sys
20:31:59.0632 4892  ErrDev - ok
20:31:59.0679 4892  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\windows\system32\es.dll
20:31:59.0726 4892  EventSystem - ok
20:31:59.0742 4892  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\windows\system32\drivers\exfat.sys
20:31:59.0788 4892  exfat - ok
20:31:59.0804 4892  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\windows\system32\drivers\fastfat.sys
20:31:59.0851 4892  fastfat - ok
20:31:59.0913 4892  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\windows\system32\fxssvc.exe
20:31:59.0976 4892  Fax - ok
20:31:59.0991 4892  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\windows\system32\DRIVERS\fdc.sys
20:32:00.0022 4892  fdc - ok
20:32:00.0054 4892  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\windows\system32\fdPHost.dll
20:32:00.0100 4892  fdPHost - ok
20:32:00.0116 4892  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\windows\system32\fdrespub.dll
20:32:00.0163 4892  FDResPub - ok
20:32:00.0178 4892  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
20:32:00.0194 4892  FileInfo - ok
20:32:00.0210 4892  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
20:32:00.0256 4892  Filetrace - ok
20:32:00.0272 4892  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
20:32:00.0303 4892  flpydisk - ok
20:32:00.0319 4892  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
20:32:00.0334 4892  FltMgr - ok
20:32:00.0381 4892  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\windows\system32\FntCache.dll
20:32:00.0444 4892  FontCache - ok
20:32:00.0522 4892  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:32:00.0537 4892  FontCache3.0.0.0 - ok
20:32:00.0553 4892  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
20:32:00.0568 4892  FsDepends - ok
20:32:00.0600 4892  [ B74B0578FD1D3F897E95F2A2B69EA051 ] fssfltr         C:\windows\system32\DRIVERS\fssfltr.sys
20:32:00.0615 4892  fssfltr - ok
20:32:00.0678 4892  [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
20:32:00.0740 4892  fsssvc - ok
20:32:00.0771 4892  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
20:32:00.0802 4892  Fs_Rec - ok
20:32:00.0849 4892  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
20:32:00.0865 4892  fvevol - ok
20:32:00.0896 4892  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
20:32:00.0912 4892  gagp30kx - ok
20:32:00.0958 4892  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\windows\System32\gpsvc.dll
20:32:01.0052 4892  gpsvc - ok
20:32:01.0068 4892  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
20:32:01.0099 4892  hcw85cir - ok
20:32:01.0161 4892  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
20:32:01.0192 4892  HdAudAddService - ok
20:32:01.0208 4892  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
20:32:01.0255 4892  HDAudBus - ok
20:32:01.0255 4892  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
20:32:01.0286 4892  HidBatt - ok
20:32:01.0302 4892  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
20:32:01.0333 4892  HidBth - ok
20:32:01.0333 4892  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
20:32:01.0364 4892  HidIr - ok
20:32:01.0395 4892  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\windows\system32\hidserv.dll
20:32:01.0442 4892  hidserv - ok
20:32:01.0473 4892  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
20:32:01.0504 4892  HidUsb - ok
20:32:01.0536 4892  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\windows\system32\kmsvc.dll
20:32:01.0582 4892  hkmsvc - ok
20:32:01.0629 4892  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
20:32:01.0692 4892  HomeGroupListener - ok
20:32:01.0738 4892  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
20:32:01.0785 4892  HomeGroupProvider - ok
20:32:01.0816 4892  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
20:32:01.0832 4892  HpSAMD - ok
20:32:01.0910 4892  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\windows\system32\drivers\HTTP.sys
20:32:01.0941 4892  HTTP - ok
20:32:01.0988 4892  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
20:32:02.0004 4892  hwpolicy - ok
20:32:02.0066 4892  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
20:32:02.0113 4892  i8042prt - ok
20:32:02.0160 4892  [ D483687EACE0C065EE772481A96E05F5 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
20:32:02.0191 4892  iaStor - ok
20:32:02.0206 4892  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
20:32:02.0238 4892  iaStorV - ok
20:32:02.0300 4892  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:32:02.0362 4892  idsvc - ok
20:32:02.0518 4892  [ AD626F6964F4D364D226C39E06872DD3 ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
20:32:02.0690 4892  igfx - ok
20:32:02.0721 4892  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
20:32:02.0737 4892  iirsp - ok
20:32:02.0784 4892  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\windows\System32\ikeext.dll
20:32:02.0893 4892  IKEEXT - ok
20:32:02.0986 4892  [ DB96B8BD676BB24BD4F1DC53CA1F182C ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
20:32:03.0127 4892  IntcAzAudAddService - ok
20:32:03.0142 4892  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\windows\system32\drivers\intelide.sys
20:32:03.0158 4892  intelide - ok
20:32:03.0189 4892  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
20:32:03.0205 4892  intelppm - ok
20:32:03.0236 4892  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
20:32:03.0283 4892  IPBusEnum - ok
20:32:03.0314 4892  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
20:32:03.0392 4892  IpFilterDriver - ok
20:32:03.0454 4892  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
20:32:03.0532 4892  iphlpsvc - ok
20:32:03.0579 4892  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
20:32:03.0610 4892  IPMIDRV - ok
20:32:03.0626 4892  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\windows\system32\drivers\ipnat.sys
20:32:03.0657 4892  IPNAT - ok
20:32:03.0673 4892  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\windows\system32\drivers\irenum.sys
20:32:03.0735 4892  IRENUM - ok
20:32:03.0766 4892  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\windows\system32\drivers\isapnp.sys
20:32:03.0782 4892  isapnp - ok
20:32:03.0813 4892  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
20:32:03.0829 4892  iScsiPrt - ok
20:32:03.0860 4892  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
20:32:03.0876 4892  kbdclass - ok
20:32:03.0907 4892  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
20:32:03.0938 4892  kbdhid - ok
20:32:03.0954 4892  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\windows\system32\lsass.exe
20:32:03.0969 4892  KeyIso - ok
20:32:04.0000 4892  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
20:32:04.0016 4892  KSecDD - ok
20:32:04.0032 4892  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
20:32:04.0063 4892  KSecPkg - ok
20:32:04.0094 4892  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\windows\system32\msdtckrm.dll
20:32:04.0141 4892  KtmRm - ok
20:32:04.0172 4892  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\windows\system32\srvsvc.dll
20:32:04.0219 4892  LanmanServer - ok
20:32:04.0250 4892  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
20:32:04.0297 4892  LanmanWorkstation - ok
20:32:04.0344 4892  [ 3AF6B73A3AD1FC37C5933441F66CEB91 ] LBTServ         C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
20:32:04.0375 4892  LBTServ - ok
20:32:04.0422 4892  [ 7F9C7B28CF1C859E1C42619EEA946DC8 ] LHidFilt        C:\windows\system32\DRIVERS\LHidFilt.Sys
20:32:04.0437 4892  LHidFilt - ok
20:32:04.0484 4892  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
20:32:04.0515 4892  lltdio - ok
20:32:04.0546 4892  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\windows\System32\lltdsvc.dll
20:32:04.0593 4892  lltdsvc - ok
20:32:04.0624 4892  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\windows\System32\lmhsvc.dll
20:32:04.0671 4892  lmhosts - ok
20:32:04.0671 4892  [ AB33792A87285344F43B5CE23421BAB0 ] LMouFilt        C:\windows\system32\DRIVERS\LMouFilt.Sys
20:32:04.0687 4892  LMouFilt - ok
20:32:04.0718 4892  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
20:32:04.0734 4892  LSI_FC - ok
20:32:04.0749 4892  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
20:32:04.0780 4892  LSI_SAS - ok
20:32:04.0796 4892  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
20:32:04.0812 4892  LSI_SAS2 - ok
20:32:04.0812 4892  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
20:32:04.0843 4892  LSI_SCSI - ok
20:32:04.0858 4892  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\windows\system32\drivers\luafv.sys
20:32:04.0921 4892  luafv - ok
20:32:05.0014 4892  [ 6311F8863D898CE60C048779F9D86E74 ] lxecCATSCustConnectService C:\windows\system32\spool\DRIVERS\W32X86\3\\lxecserv.exe
20:32:05.0046 4892  lxecCATSCustConnectService - ok
20:32:05.0077 4892  lxec_device - ok
20:32:05.0124 4892  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
20:32:05.0155 4892  Mcx2Svc - ok
20:32:05.0186 4892  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
20:32:05.0202 4892  megasas - ok
20:32:05.0233 4892  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
20:32:05.0248 4892  MegaSR - ok
20:32:05.0326 4892  [ 6F62B8758B0C164E6D9BA7CACF9476C6 ] MemeoBackgroundService C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
20:32:05.0342 4892  MemeoBackgroundService - ok
20:32:05.0373 4892  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\windows\system32\mmcss.dll
20:32:05.0436 4892  MMCSS - ok
20:32:05.0436 4892  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\windows\system32\drivers\modem.sys
20:32:05.0482 4892  Modem - ok
20:32:05.0529 4892  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
20:32:05.0545 4892  monitor - ok
20:32:05.0592 4892  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
20:32:05.0623 4892  mouclass - ok
20:32:05.0654 4892  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
20:32:05.0701 4892  mouhid - ok
20:32:05.0732 4892  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
20:32:05.0748 4892  mountmgr - ok
20:32:05.0810 4892  [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:32:05.0841 4892  MozillaMaintenance - ok
20:32:05.0872 4892  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\windows\system32\drivers\mpio.sys
20:32:05.0888 4892  mpio - ok
20:32:05.0919 4892  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
20:32:05.0950 4892  mpsdrv - ok
20:32:05.0997 4892  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\windows\system32\mpssvc.dll
20:32:06.0075 4892  MpsSvc - ok
20:32:06.0106 4892  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
20:32:06.0122 4892  MRxDAV - ok
20:32:06.0169 4892  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
20:32:06.0216 4892  mrxsmb - ok
20:32:06.0247 4892  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
20:32:06.0278 4892  mrxsmb10 - ok
20:32:06.0294 4892  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
20:32:06.0325 4892  mrxsmb20 - ok
20:32:06.0356 4892  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\windows\system32\drivers\msahci.sys
20:32:06.0372 4892  msahci - ok
20:32:06.0387 4892  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\windows\system32\drivers\msdsm.sys
20:32:06.0403 4892  msdsm - ok
20:32:06.0434 4892  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\windows\System32\msdtc.exe
20:32:06.0465 4892  MSDTC - ok
20:32:06.0496 4892  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\windows\system32\drivers\Msfs.sys
20:32:06.0543 4892  Msfs - ok
20:32:06.0559 4892  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
20:32:06.0590 4892  mshidkmdf - ok
20:32:06.0621 4892  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
20:32:06.0652 4892  msisadrv - ok
20:32:06.0684 4892  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
20:32:06.0762 4892  MSiSCSI - ok
20:32:06.0777 4892  msiserver - ok
20:32:06.0793 4892  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
20:32:06.0840 4892  MSKSSRV - ok
20:32:06.0871 4892  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
20:32:06.0902 4892  MSPCLOCK - ok
20:32:06.0933 4892  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
20:32:06.0964 4892  MSPQM - ok
20:32:06.0996 4892  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
20:32:07.0011 4892  MsRPC - ok
20:32:07.0042 4892  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
20:32:07.0058 4892  mssmbios - ok
20:32:07.0074 4892  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
20:32:07.0105 4892  MSTEE - ok
20:32:07.0105 4892  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
20:32:07.0136 4892  MTConfig - ok
20:32:07.0152 4892  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\windows\system32\Drivers\mup.sys
20:32:07.0167 4892  Mup - ok
20:32:07.0214 4892  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\windows\system32\qagentRT.dll
20:32:07.0261 4892  napagent - ok
20:32:07.0292 4892  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
20:32:07.0323 4892  NativeWifiP - ok
20:32:07.0370 4892  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\windows\system32\drivers\ndis.sys
20:32:07.0417 4892  NDIS - ok
20:32:07.0432 4892  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
20:32:07.0479 4892  NdisCap - ok
20:32:07.0495 4892  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
20:32:07.0542 4892  NdisTapi - ok
20:32:07.0588 4892  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
20:32:07.0651 4892  Ndisuio - ok
20:32:07.0698 4892  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
20:32:07.0744 4892  NdisWan - ok
20:32:07.0776 4892  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
20:32:07.0838 4892  NDProxy - ok
20:32:07.0869 4892  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
20:32:07.0900 4892  NetBIOS - ok
20:32:07.0932 4892  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
20:32:07.0978 4892  NetBT - ok
20:32:07.0994 4892  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\windows\system32\lsass.exe
20:32:08.0010 4892  Netlogon - ok
20:32:08.0056 4892  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\windows\System32\netman.dll
20:32:08.0103 4892  Netman - ok
20:32:08.0119 4892  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\windows\System32\netprofm.dll
20:32:08.0181 4892  netprofm - ok
20:32:08.0212 4892  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:32:08.0228 4892  NetTcpPortSharing - ok
20:32:08.0244 4892  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
20:32:08.0259 4892  nfrd960 - ok
20:32:08.0306 4892  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\windows\System32\nlasvc.dll
20:32:08.0337 4892  NlaSvc - ok
20:32:08.0353 4892  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\windows\system32\drivers\Npfs.sys
20:32:08.0384 4892  Npfs - ok
20:32:08.0400 4892  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\windows\system32\nsisvc.dll
20:32:08.0431 4892  nsi - ok
20:32:08.0446 4892  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
20:32:08.0478 4892  nsiproxy - ok
20:32:08.0540 4892  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
20:32:08.0602 4892  Ntfs - ok
20:32:08.0618 4892  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\windows\system32\drivers\Null.sys
20:32:08.0649 4892  Null - ok
20:32:08.0899 4892  [ 2713392707E515EFB671751FA767EBD2 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
20:32:09.0304 4892  nvlddmkm - ok
20:32:09.0336 4892  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\windows\system32\drivers\nvraid.sys
20:32:09.0351 4892  nvraid - ok
20:32:09.0382 4892  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\windows\system32\drivers\nvstor.sys
20:32:09.0414 4892  nvstor - ok
20:32:09.0460 4892  [ D445466C0A10536486FBEBBC271D6E34 ] nvsvc           C:\windows\system32\nvvsvc.exe
20:32:09.0492 4892  nvsvc - ok
20:32:09.0507 4892  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
20:32:09.0538 4892  nv_agp - ok
20:32:09.0632 4892  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:32:09.0679 4892  odserv - ok
20:32:09.0726 4892  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
20:32:09.0741 4892  ohci1394 - ok
20:32:09.0788 4892  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:32:09.0804 4892  ose - ok
20:32:09.0835 4892  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
20:32:09.0882 4892  p2pimsvc - ok
20:32:09.0913 4892  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\windows\system32\p2psvc.dll
20:32:09.0928 4892  p2psvc - ok
20:32:09.0960 4892  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\windows\system32\DRIVERS\parport.sys
20:32:09.0991 4892  Parport - ok
20:32:10.0022 4892  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\windows\system32\drivers\partmgr.sys
20:32:10.0038 4892  partmgr - ok
20:32:10.0053 4892  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
20:32:10.0100 4892  Parvdm - ok
20:32:10.0116 4892  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\windows\System32\pcasvc.dll
20:32:10.0147 4892  PcaSvc - ok
20:32:10.0178 4892  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\windows\system32\drivers\pci.sys
20:32:10.0194 4892  pci - ok
20:32:10.0209 4892  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\windows\system32\drivers\pciide.sys
20:32:10.0225 4892  pciide - ok
20:32:10.0256 4892  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
20:32:10.0272 4892  pcmcia - ok
20:32:10.0287 4892  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\windows\system32\drivers\pcw.sys
20:32:10.0303 4892  pcw - ok
20:32:10.0350 4892  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\windows\system32\drivers\peauth.sys
20:32:10.0412 4892  PEAUTH - ok
20:32:10.0490 4892  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\windows\system32\pla.dll
20:32:10.0615 4892  pla - ok
20:32:10.0630 4892  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\windows\system32\umpnpmgr.dll
20:32:10.0708 4892  PlugPlay - ok
20:32:10.0740 4892  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
20:32:10.0771 4892  PNRPAutoReg - ok
20:32:10.0802 4892  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
20:32:10.0818 4892  PNRPsvc - ok
20:32:10.0864 4892  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
20:32:10.0896 4892  PolicyAgent - ok
20:32:10.0942 4892  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\windows\system32\umpo.dll
20:32:10.0974 4892  Power - ok
20:32:11.0005 4892  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
20:32:11.0052 4892  PptpMiniport - ok
20:32:11.0067 4892  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\windows\system32\DRIVERS\processr.sys
20:32:11.0083 4892  Processor - ok
20:32:11.0130 4892  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\windows\system32\profsvc.dll
20:32:11.0161 4892  ProfSvc - ok
20:32:11.0176 4892  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
20:32:11.0192 4892  ProtectedStorage - ok
20:32:11.0239 4892  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\windows\system32\DRIVERS\pacer.sys
20:32:11.0270 4892  Psched - ok
20:32:11.0332 4892  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
20:32:11.0426 4892  ql2300 - ok
20:32:11.0442 4892  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
20:32:11.0457 4892  ql40xx - ok
20:32:11.0488 4892  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\windows\system32\qwave.dll
20:32:11.0535 4892  QWAVE - ok
20:32:11.0551 4892  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
20:32:11.0582 4892  QWAVEdrv - ok
20:32:11.0629 4892  [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr         C:\windows\WindowsMobile\rapimgr.dll
20:32:11.0644 4892  RapiMgr - ok
20:32:11.0660 4892  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
20:32:11.0707 4892  RasAcd - ok
20:32:11.0738 4892  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
20:32:11.0769 4892  RasAgileVpn - ok
20:32:11.0800 4892  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\windows\System32\rasauto.dll
20:32:11.0847 4892  RasAuto - ok
20:32:11.0878 4892  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
20:32:11.0941 4892  Rasl2tp - ok
20:32:11.0988 4892  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\windows\System32\rasmans.dll
20:32:12.0034 4892  RasMan - ok
20:32:12.0050 4892  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
20:32:12.0097 4892  RasPppoe - ok
20:32:12.0128 4892  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
20:32:12.0159 4892  RasSstp - ok
20:32:12.0206 4892  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
20:32:12.0237 4892  rdbss - ok
20:32:12.0253 4892  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
20:32:12.0268 4892  rdpbus - ok
20:32:12.0300 4892  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
20:32:12.0331 4892  RDPCDD - ok
20:32:12.0362 4892  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
20:32:12.0393 4892  RDPENCDD - ok
20:32:12.0424 4892  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
20:32:12.0456 4892  RDPREFMP - ok
20:32:12.0487 4892  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
20:32:12.0534 4892  RDPWD - ok
20:32:12.0580 4892  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
20:32:12.0612 4892  rdyboost - ok
20:32:12.0627 4892  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\windows\System32\mprdim.dll
20:32:12.0705 4892  RemoteAccess - ok
20:32:12.0736 4892  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\windows\system32\regsvc.dll
20:32:12.0783 4892  RemoteRegistry - ok
20:32:12.0814 4892  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
20:32:12.0861 4892  RpcEptMapper - ok
20:32:12.0892 4892  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\windows\system32\locator.exe
20:32:12.0924 4892  RpcLocator - ok
20:32:12.0955 4892  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\windows\system32\rpcss.dll
20:32:13.0002 4892  RpcSs - ok
20:32:13.0033 4892  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
20:32:13.0080 4892  rspndr - ok
20:32:13.0111 4892  [ 05C2613F661584190C752F6184D1C8EF ] RTL8167         C:\windows\system32\DRIVERS\Rt86win7.sys
20:32:13.0142 4892  RTL8167 - ok
20:32:13.0173 4892  [ 6E5FBB7CBAEC47038B945D5E9B144A64 ] SABI            C:\windows\system32\Drivers\SABI.sys
20:32:13.0220 4892  SABI - ok
20:32:13.0236 4892  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\windows\system32\lsass.exe
20:32:13.0251 4892  SamSs - ok
20:32:13.0314 4892  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
20:32:13.0329 4892  sbp2port - ok
20:32:13.0360 4892  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\windows\System32\SCardSvr.dll
20:32:13.0407 4892  SCardSvr - ok
20:32:13.0423 4892  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
20:32:13.0454 4892  scfilter - ok
20:32:13.0501 4892  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\windows\system32\schedsvc.dll
20:32:13.0594 4892  Schedule - ok
20:32:13.0610 4892  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\windows\System32\certprop.dll
20:32:13.0641 4892  SCPolicySvc - ok
20:32:13.0672 4892  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\windows\System32\SDRSVC.dll
20:32:13.0704 4892  SDRSVC - ok
20:32:13.0750 4892  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\windows\system32\drivers\secdrv.sys
20:32:13.0797 4892  secdrv - ok
20:32:13.0828 4892  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\windows\system32\seclogon.dll
20:32:13.0891 4892  seclogon - ok
20:32:13.0922 4892  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\windows\System32\sens.dll
20:32:13.0969 4892  SENS - ok
20:32:13.0984 4892  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\windows\system32\sensrsvc.dll
20:32:14.0031 4892  SensrSvc - ok
20:32:14.0078 4892  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
20:32:14.0125 4892  Serenum - ok
20:32:14.0140 4892  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\windows\system32\DRIVERS\serial.sys
20:32:14.0172 4892  Serial - ok
20:32:14.0187 4892  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
20:32:14.0218 4892  sermouse - ok
20:32:14.0265 4892  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\windows\system32\sessenv.dll
20:32:14.0296 4892  SessionEnv - ok
20:32:14.0328 4892  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
20:32:14.0359 4892  sffdisk - ok
20:32:14.0374 4892  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
20:32:14.0406 4892  sffp_mmc - ok
20:32:14.0421 4892  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
20:32:14.0468 4892  sffp_sd - ok
20:32:14.0484 4892  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
20:32:14.0515 4892  sfloppy - ok
20:32:14.0562 4892  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\windows\System32\ipnathlp.dll
20:32:14.0608 4892  SharedAccess - ok
20:32:14.0640 4892  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
20:32:14.0671 4892  ShellHWDetection - ok
20:32:14.0702 4892  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\windows\system32\drivers\sisagp.sys
20:32:14.0718 4892  sisagp - ok
20:32:14.0749 4892  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
20:32:14.0764 4892  SiSRaid2 - ok
20:32:14.0780 4892  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
20:32:14.0796 4892  SiSRaid4 - ok
20:32:14.0827 4892  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\windows\system32\DRIVERS\smb.sys
20:32:14.0858 4892  Smb - ok
20:32:14.0905 4892  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
20:32:14.0920 4892  SNMPTRAP - ok
20:32:15.0186 4892  [ 11BB0E11D42CC3A43D741D9B30839BE1 ] SNPSTD3         C:\windows\system32\DRIVERS\snpstd3.sys
20:32:15.0529 4892  SNPSTD3 - ok
20:32:15.0560 4892  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\windows\system32\drivers\spldr.sys
20:32:15.0576 4892  spldr - ok
20:32:15.0622 4892  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\windows\System32\spoolsv.exe
20:32:15.0669 4892  Spooler - ok
20:32:15.0778 4892  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\windows\system32\sppsvc.exe
20:32:15.0903 4892  sppsvc - ok
20:32:15.0934 4892  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\windows\system32\sppuinotify.dll
20:32:15.0966 4892  sppuinotify - ok
20:32:16.0044 4892  [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:32:16.0059 4892  SQLWriter - ok
20:32:16.0090 4892  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\windows\system32\DRIVERS\srv.sys
20:32:16.0137 4892  srv - ok
20:32:16.0168 4892  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\windows\system32\DRIVERS\srv2.sys
20:32:16.0215 4892  srv2 - ok
20:32:16.0231 4892  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
20:32:16.0262 4892  srvnet - ok
20:32:16.0293 4892  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
20:32:16.0324 4892  SSDPSRV - ok
20:32:16.0387 4892  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\windows\system32\DRIVERS\ssmdrv.sys
20:32:16.0402 4892  ssmdrv - ok
20:32:16.0418 4892  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\windows\system32\sstpsvc.dll
20:32:16.0449 4892  SstpSvc - ok
20:32:16.0480 4892  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
20:32:16.0496 4892  stexstor - ok
20:32:16.0558 4892  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\windows\System32\wiaservc.dll
20:32:16.0636 4892  StiSvc - ok
20:32:16.0683 4892  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\windows\system32\drivers\swenum.sys
20:32:16.0714 4892  swenum - ok
20:32:16.0746 4892  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\windows\System32\swprv.dll
20:32:16.0777 4892  swprv - ok
20:32:16.0824 4892  [ 7A9025D8F7852B06D6D08ED536135E7E ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
20:32:16.0839 4892  SynTP - ok
20:32:16.0917 4892  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\windows\system32\sysmain.dll
20:32:17.0026 4892  SysMain - ok
20:32:17.0058 4892  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
20:32:17.0104 4892  TabletInputService - ok
20:32:17.0136 4892  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\windows\System32\tapisrv.dll
20:32:17.0182 4892  TapiSrv - ok
20:32:17.0214 4892  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\windows\System32\tbssvc.dll
20:32:17.0260 4892  TBS - ok
20:32:17.0323 4892  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
20:32:17.0385 4892  Tcpip - ok
20:32:17.0416 4892  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
20:32:17.0463 4892  TCPIP6 - ok
20:32:17.0494 4892  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
20:32:17.0541 4892  tcpipreg - ok
20:32:17.0572 4892  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
20:32:17.0619 4892  TDPIPE - ok
20:32:17.0650 4892  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
20:32:17.0666 4892  TDTCP - ok
20:32:17.0728 4892  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
20:32:17.0791 4892  tdx - ok
20:32:17.0806 4892  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\windows\system32\drivers\termdd.sys
20:32:17.0822 4892  TermDD - ok
20:32:17.0869 4892  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\windows\System32\termsrv.dll
20:32:17.0931 4892  TermService - ok
20:32:17.0962 4892  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\windows\system32\themeservice.dll
20:32:17.0994 4892  Themes - ok
20:32:18.0009 4892  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\windows\system32\mmcss.dll
20:32:18.0056 4892  THREADORDER - ok
20:32:18.0072 4892  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\windows\System32\trkwks.dll
20:32:18.0118 4892  TrkWks - ok
20:32:18.0165 4892  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
20:32:18.0196 4892  TrustedInstaller - ok
20:32:18.0228 4892  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
20:32:18.0290 4892  tssecsrv - ok
20:32:18.0337 4892  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
20:32:18.0368 4892  TsUsbFlt - ok
20:32:18.0415 4892  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
20:32:18.0446 4892  tunnel - ok
20:32:18.0477 4892  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
20:32:18.0493 4892  uagp35 - ok
20:32:18.0524 4892  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\windows\system32\DRIVERS\udfs.sys
20:32:18.0571 4892  udfs - ok
20:32:18.0602 4892  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\windows\system32\UI0Detect.exe
20:32:18.0633 4892  UI0Detect - ok
20:32:18.0664 4892  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
20:32:18.0696 4892  uliagpkx - ok
20:32:18.0727 4892  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\windows\system32\DRIVERS\umbus.sys
20:32:18.0742 4892  umbus - ok
20:32:18.0774 4892  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
20:32:18.0805 4892  UmPass - ok
20:32:18.0820 4892  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\windows\System32\upnphost.dll
20:32:18.0867 4892  upnphost - ok
20:32:18.0930 4892  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
20:32:18.0961 4892  usbaudio - ok
20:32:19.0008 4892  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
20:32:19.0054 4892  usbccgp - ok
20:32:19.0086 4892  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\windows\system32\drivers\usbcir.sys
20:32:19.0132 4892  usbcir - ok
20:32:19.0148 4892  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
20:32:19.0164 4892  usbehci - ok
20:32:19.0195 4892  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
20:32:19.0242 4892  usbhub - ok
20:32:19.0257 4892  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\windows\system32\drivers\usbohci.sys
20:32:19.0288 4892  usbohci - ok
20:32:19.0335 4892  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
20:32:19.0351 4892  usbprint - ok
20:32:19.0382 4892  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
20:32:19.0413 4892  usbscan - ok
20:32:19.0429 4892  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
20:32:19.0460 4892  USBSTOR - ok
20:32:19.0476 4892  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\windows\system32\DRIVERS\usbuhci.sys
20:32:19.0507 4892  usbuhci - ok
20:32:19.0554 4892  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
20:32:19.0585 4892  usbvideo - ok
20:32:19.0632 4892  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\windows\System32\uxsms.dll
20:32:19.0663 4892  UxSms - ok
20:32:19.0694 4892  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\windows\system32\lsass.exe
20:32:19.0710 4892  VaultSvc - ok
20:32:19.0725 4892  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
20:32:19.0741 4892  vdrvroot - ok
20:32:19.0788 4892  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\windows\System32\vds.exe
20:32:19.0850 4892  vds - ok
20:32:19.0866 4892  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
20:32:19.0881 4892  vga - ok
20:32:19.0912 4892  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\windows\System32\drivers\vga.sys
20:32:19.0944 4892  VgaSave - ok
20:32:19.0990 4892  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
20:32:20.0006 4892  vhdmp - ok
20:32:20.0037 4892  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\windows\system32\drivers\viaagp.sys
20:32:20.0053 4892  viaagp - ok
20:32:20.0068 4892  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\windows\system32\DRIVERS\viac7.sys
20:32:20.0100 4892  ViaC7 - ok
20:32:20.0131 4892  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\windows\system32\drivers\viaide.sys
20:32:20.0146 4892  viaide - ok
20:32:20.0162 4892  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\windows\system32\drivers\volmgr.sys
20:32:20.0178 4892  volmgr - ok
20:32:20.0193 4892  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
20:32:20.0209 4892  volmgrx - ok
20:32:20.0240 4892  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\windows\system32\drivers\volsnap.sys
20:32:20.0256 4892  volsnap - ok
20:32:20.0287 4892  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
20:32:20.0302 4892  vsmraid - ok
20:32:20.0365 4892  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\windows\system32\vssvc.exe
20:32:20.0427 4892  VSS - ok
20:32:20.0458 4892  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
20:32:20.0490 4892  vwifibus - ok
20:32:20.0505 4892  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
20:32:20.0536 4892  vwififlt - ok
20:32:20.0552 4892  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
20:32:20.0568 4892  vwifimp - ok
20:32:20.0599 4892  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\windows\system32\w32time.dll
20:32:20.0630 4892  W32Time - ok
20:32:20.0661 4892  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
20:32:20.0692 4892  WacomPen - ok
20:32:20.0724 4892  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
20:32:20.0770 4892  WANARP - ok
20:32:20.0786 4892  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
20:32:20.0817 4892  Wanarpv6 - ok
20:32:20.0864 4892  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\windows\system32\wbengine.exe
20:32:20.0973 4892  wbengine - ok
20:32:21.0004 4892  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
20:32:21.0036 4892  WbioSrvc - ok
20:32:21.0082 4892  [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm        C:\windows\WindowsMobile\wcescomm.dll
20:32:21.0098 4892  WcesComm - ok
20:32:21.0145 4892  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\windows\System32\wcncsvc.dll
20:32:21.0176 4892  wcncsvc - ok
20:32:21.0192 4892  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
20:32:21.0223 4892  WcsPlugInService - ok
20:32:21.0254 4892  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\windows\system32\DRIVERS\wd.sys
20:32:21.0270 4892  Wd - ok
20:32:21.0316 4892  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
20:32:21.0348 4892  Wdf01000 - ok
20:32:21.0363 4892  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\windows\system32\wdi.dll
20:32:21.0426 4892  WdiServiceHost - ok
20:32:21.0426 4892  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\windows\system32\wdi.dll
20:32:21.0441 4892  WdiSystemHost - ok
20:32:21.0472 4892  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\windows\System32\webclnt.dll
20:32:21.0519 4892  WebClient - ok
20:32:21.0550 4892  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\windows\system32\wecsvc.dll
20:32:21.0582 4892  Wecsvc - ok
20:32:21.0597 4892  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\windows\System32\wercplsupport.dll
20:32:21.0660 4892  wercplsupport - ok
20:32:21.0691 4892  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\windows\System32\WerSvc.dll
20:32:21.0722 4892  WerSvc - ok
20:32:21.0753 4892  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
20:32:21.0784 4892  WfpLwf - ok
20:32:21.0816 4892  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\windows\system32\drivers\wimmount.sys
20:32:21.0831 4892  WIMMount - ok
20:32:21.0894 4892  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
20:32:21.0972 4892  WinDefend - ok
20:32:21.0987 4892  WinHttpAutoProxySvc - ok
20:32:22.0034 4892  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
20:32:22.0081 4892  Winmgmt - ok
20:32:22.0143 4892  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\windows\system32\WsmSvc.dll
20:32:22.0237 4892  WinRM - ok
20:32:22.0299 4892  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
20:32:22.0330 4892  WinUsb - ok
20:32:22.0377 4892  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\windows\System32\wlansvc.dll
20:32:22.0440 4892  Wlansvc - ok
20:32:22.0533 4892  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:32:22.0596 4892  wlidsvc - ok
20:32:22.0642 4892  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
20:32:22.0658 4892  WmiAcpi - ok
20:32:22.0689 4892  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
20:32:22.0736 4892  wmiApSrv - ok
20:32:22.0845 4892  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
20:32:22.0954 4892  WMPNetworkSvc - ok
20:32:22.0970 4892  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\windows\System32\wpcsvc.dll
20:32:23.0017 4892  WPCSvc - ok
20:32:23.0048 4892  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
20:32:23.0079 4892  WPDBusEnum - ok
20:32:23.0095 4892  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
20:32:23.0142 4892  ws2ifsl - ok
20:32:23.0157 4892  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\windows\System32\wscsvc.dll
20:32:23.0173 4892  wscsvc - ok
20:32:23.0173 4892  WSearch - ok
20:32:23.0266 4892  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\windows\system32\wuaueng.dll
20:32:23.0360 4892  wuauserv - ok
20:32:23.0391 4892  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
20:32:23.0422 4892  WudfPf - ok
20:32:23.0454 4892  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
20:32:23.0516 4892  WUDFRd - ok
20:32:23.0578 4892  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
20:32:23.0610 4892  wudfsvc - ok
20:32:23.0641 4892  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\windows\System32\wwansvc.dll
20:32:23.0688 4892  WwanSvc - ok
20:32:23.0734 4892  wxpSvc - ok
20:32:23.0766 4892  ================ Scan global ===============================
20:32:23.0812 4892  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
20:32:23.0844 4892  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\windows\system32\winsrv.dll
20:32:23.0875 4892  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\windows\system32\winsrv.dll
20:32:23.0906 4892  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
20:32:23.0937 4892  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
20:32:23.0953 4892  [Global] - ok
20:32:23.0953 4892  ================ Scan MBR ==================================
20:32:23.0968 4892  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
20:32:24.0374 4892  \Device\Harddisk0\DR0 - ok
20:32:24.0374 4892  [ 096B4D6D03500A9B7DEB27F2244E9A60 ] \Device\Harddisk1\DR1
20:32:24.0499 4892  \Device\Harddisk1\DR1 - ok
20:32:24.0499 4892  ================ Scan VBR ==================================
20:32:24.0499 4892  [ FFCF558F995DC6506B87E0580F61DA7E ] \Device\Harddisk0\DR0\Partition1
20:32:24.0499 4892  \Device\Harddisk0\DR0\Partition1 - ok
20:32:24.0514 4892  [ 319B699787E0FE2B9C9794C007E3EE1C ] \Device\Harddisk0\DR0\Partition2
20:32:24.0514 4892  \Device\Harddisk0\DR0\Partition2 - ok
20:32:24.0546 4892  [ B087CF0DDE0814131A822DE9DF771EC0 ] \Device\Harddisk0\DR0\Partition3
20:32:24.0546 4892  \Device\Harddisk0\DR0\Partition3 - ok
20:32:24.0546 4892  [ 3A4CF3E46FB4916EA2B74040D0EE353F ] \Device\Harddisk1\DR1\Partition1
20:32:24.0546 4892  \Device\Harddisk1\DR1\Partition1 - ok
20:32:24.0546 4892  ============================================================
20:32:24.0546 4892  Scan finished
20:32:24.0546 4892  ============================================================
20:32:24.0561 1780  Detected object count: 0
20:32:24.0561 1780  Actual detected object count: 0
         

In the link:
Quote:
Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-a...entfernen.html

... there is a guide to removing the findings, which contradicts your note:
Quote:
Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
That could lead to confusion.

Thanks & regards
Heiko
Last edited by HAK (18.11.2012 at 20:09). Reason: German language, difficult language.

18.11.2012, 22:20   #4
cosinus


adwCleaner - find toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt (x = sequential number).
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
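The step above runs AdwCleaner and waits for its report. As an added example, not code from the post and not part of AdwCleaner, the PowerShell script below reads the persistence points this kind of search hijacker typically uses on a Windows 7 machine: the AppInit_DLLs value, services whose executable sits outside the Windows and Program Files directories, the Firefox search plugins and the homepage/search prefs (including a user.js, which re-applies its values at every start), and the Internet Explorer search scopes. The directory layout it assumes (Firefox profiles under %APPDATA%\Mozilla\Firefox\Profiles, plugins under the install directory) and the trusted-path heuristic are my assumptions. It only reads; it deletes nothing, so the helper still gets to decide what is removed.

```powershell
# Added example, not code from the thread or from the AdwCleaner project.
# Read-only triage of the persistence points a search hijacker of this kind
# uses: AppInit_DLLs, services with binaries outside trusted directories,
# Firefox search plugins and prefs, Internet Explorer search scopes.
# Written for Windows PowerShell 2.0 or later, so it runs on Windows 7.
# Run from an elevated prompt. Nothing is deleted.

$results = @()
function Add-Finding([string]$Area, [string]$Item, [string]$Detail) {
    $script:results += New-Object PSObject -Property @{ Area = $Area; Item = $Item; Detail = $Detail }
}

# 1. AppInit_DLLs: DLLs listed here are loaded into every process that links
#    user32.dll. Hardly any legitimate software needs this; an adware DLL here
#    rides along in the browser and the mail client alike.
$winKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$win = Get-ItemProperty -Path $winKey -ErrorAction SilentlyContinue
if ($win -and $win.AppInit_DLLs) {
    Add-Finding 'AppInit_DLLs' $win.AppInit_DLLs ('LoadAppInit_DLLs=' + $win.LoadAppInit_DLLs)
}

# 2. Services whose executable is not under the Windows or Program Files
#    directories (assumed trusted here). Adware services tend to live in
#    ProgramData or in the user profile instead.
$trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
Get-WmiObject Win32_Service | ForEach-Object {
    $path = $_.PathName -replace '^"([^"]+)".*$', '$1'   # strip quotes and arguments
    $inTrusted = $false
    foreach ($t in $trusted) { if ($path -like "$t\*") { $inTrusted = $true } }
    if ($path -and -not $inTrusted) { Add-Finding 'Service' $_.Name $path }
}

# 3. Firefox search plugins (OpenSearch XML). Every file is listed together
#    with its search URL; compare the list against the stock set Firefox ships.
$profiles = @(Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles" -ErrorAction SilentlyContinue)
$pluginDirs = @("$env:ProgramFiles\Mozilla Firefox\searchplugins") +
              @($profiles | ForEach-Object { Join-Path $_.FullName 'searchplugins' })
foreach ($dir in $pluginDirs) {
    Get-ChildItem -Path $dir -Filter *.xml -ErrorAction SilentlyContinue | ForEach-Object {
        $xml = Get-Content $_.FullName -ErrorAction SilentlyContinue | Out-String
        $m = [regex]::Match($xml, 'template="([^"]+)"')
        Add-Finding 'Firefox searchplugin' $_.FullName $(if ($m.Success) { $m.Groups[1].Value } else { '' })
    }
}

# 4. Firefox start page and search prefs. A user.js in the profile re-applies
#    its values at every start, which is why a change made in the settings
#    dialog does not stick.
foreach ($profile in $profiles) {
    foreach ($name in 'prefs.js', 'user.js') {
        $file = Join-Path $profile.FullName $name
        if (Test-Path $file) {
            Select-String -Path $file -Pattern 'browser\.startup\.homepage|keyword\.URL|browser\.search\.defaultenginename' |
                ForEach-Object { Add-Finding "Firefox $name" $file $_.Line.Trim() }
        }
    }
}

# 5. Internet Explorer search scopes; DefaultScope names the active one.
$scopesKey = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
$default = (Get-ItemProperty -Path $scopesKey -ErrorAction SilentlyContinue).DefaultScope
Get-ChildItem -Path $scopesKey -ErrorAction SilentlyContinue | ForEach-Object {
    $scope = Get-ItemProperty -Path $_.PSPath
    $label = if ($_.PSChildName -eq $default) { $_.PSChildName + ' (default)' } else { $_.PSChildName }
    Add-Finding 'IE SearchScope' $label $scope.URL
}

$results | Sort-Object Area, Item | Format-Table Area, Item, Detail -AutoSize -Wrap
```

The output is a table to read, not a verdict: stock Firefox plugins and vendor services will appear alongside anything unwanted. What to look for is a non-empty AppInit_DLLs value, a service binary under ProgramData or the profile, a search plugin or scope whose URL is not the engine the user chose, and a user.js that pins the homepage.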

19.11.2012, 19:34   #5
HAK


Hello cosinus.

Many thanks for staying up nights over my problems. It gives me a very good feeling that someone is taking care of solving my problem. I have meanwhile stopped all email correspondence and hope to be able to resume it soon.

Here is the result of the AdwCleaner scan:

Code:
# AdwCleaner v2.008 - Datei am 19/11/2012 um 20:28:04 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : Browser Manager

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\searchplugins\browsemngr.xml
Ordner Gefunden : C:\Program Files\Ask.com
Ordner Gefunden : C:\Program Files\Claro LTD
Ordner Gefunden : C:\Program Files\Common Files\spigot
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Browser Manager
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\***\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\***\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\extensions\toolbar@ask.com
Ordner Gefunden : C:\Users\***\AppData\Roaming\pdfforge
Ordner Gefunden : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Claro LTD
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\Claro LTD
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{05340575-7D2A-4266-9A84-7EEBDC476884}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\claro
Schlüssel Gefunden : HKU\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\prefs.js

Gefunden : user_pref("browser.newtab.url", "hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=NT_ss&mn[...]
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Claro Search");
Gefunden : user_pref("browser.search.order.1", "Claro Search");
Gefunden : user_pref("browser.search.selectedEngine", "Claro Search");
Gefunden : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP[...]
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117423&tt=461[...]
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://de.search.yahoo.com/search?fr=greentre[...]
Gefunden : user_pref("extensions.claro.admin", false);
Gefunden : user_pref("extensions.claro.aflt", "babsst");
Gefunden : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gefunden : user_pref("extensions.claro.dfltLng", "en");
Gefunden : user_pref("extensions.claro.excTlbr", false);
Gefunden : user_pref("extensions.claro.id", "a4df80400000000000000626b69b035f");
Gefunden : user_pref("extensions.claro.instlDay", "15659");
Gefunden : user_pref("extensions.claro.instlRef", "sst");
Gefunden : user_pref("extensions.claro.prdct", "claro");
Gefunden : user_pref("extensions.claro.prtnrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrSrchUrl", "");
Gefunden : user_pref("extensions.claro.vrsn", "1.8.3.10");
Gefunden : user_pref("extensions.claro.vrsni", "1.8.3.10");
Gefunden : user_pref("extensions.claro_i.smplGrp", "none");
Gefunden : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1014:02:56");
Gefunden : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=KW_ss&mntrId=a4[...]

*************************

AdwCleaner[R1].txt - [13682 octets] - [19/11/2012 20:28:04]

########## EOF - C:\AdwCleaner[R1].txt - [13743 octets] ##########
         


19.11.2012, 19:41   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please try to uninstall all entries mentioned in the adwCleaner log (such as Babylon or Ask) via the Control Panel, then make a new search log with adwCleaner.
Leftovers, and whatever refuses to be uninstalled, we will remove with adwCleaner.

19.11.2012, 20:00   #7
HAK

Hello,

I uninstalled several "programs" via the Control Panel. Among them was claro, but unfortunately it is still the start page in Firefox.

Here is the new log AdwCleaner[R2]:

Code:
# AdwCleaner v2.008 - Datei am 19/11/2012 um 20:58:36 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : Browser Manager

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\searchplugins\browsemngr.xml
Ordner Gefunden : C:\Program Files\Common Files\spigot
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Browser Manager
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\***\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\***\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Ordner Gefunden : C:\Users\***\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKU\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\prefs.js

Gefunden : user_pref("browser.search.selectedEngine", "Claro Search");
Gefunden : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP[...]
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117423&tt=461[...]
Gefunden : user_pref("extensions.claro.admin", false);
Gefunden : user_pref("extensions.claro.aflt", "babsst");
Gefunden : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gefunden : user_pref("extensions.claro.dfltLng", "en");
Gefunden : user_pref("extensions.claro.excTlbr", false);
Gefunden : user_pref("extensions.claro.id", "a4df80400000000000000626b69b035f");
Gefunden : user_pref("extensions.claro.instlDay", "15659");
Gefunden : user_pref("extensions.claro.instlRef", "sst");
Gefunden : user_pref("extensions.claro.prdct", "claro");
Gefunden : user_pref("extensions.claro.prtnrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrSrchUrl", "");
Gefunden : user_pref("extensions.claro.vrsn", "1.8.3.10");
Gefunden : user_pref("extensions.claro.vrsni", "1.8.3.10");
Gefunden : user_pref("extensions.claro_i.smplGrp", "none");
Gefunden : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1014:02:56");
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");

*************************

AdwCleaner[R1].txt - [13813 octets] - [19/11/2012 20:28:04]
AdwCleaner[R2].txt - [5811 octets] - [19/11/2012 20:58:36]

########## EOF - C:\AdwCleaner[R2].txt - [5871 octets] ##########
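The two search logs above (R1 before the Control Panel uninstall, R2 after it) show that uninstalling removed the Claro LTD entries but left the Browser Manager service, the AppInit_DLLs injection and the IE/Firefox start-page overrides in place. As an added example that is not code from the thread, from Trojaner-Board or from AdwCleaner, the following Python script parses the AdwCleaner "[Suche]" log format, diffs two runs, and flags the survivors that are real persistence rather than leftovers; the sample logs inside it are constructed excerpts of the R1/R2 logs, and the section names and "Gefunden" markers are those of the German build of the tool.

```python
"""Diff two AdwCleaner search logs and flag surviving browser-hijack persistence.

Added example: not code from the thread, from Trojaner-Board or from AdwCleaner.
It parses the German "[Suche]" log format shown above; the sample logs are
constructed excerpts of the R1 (before uninstall) and R2 (after) logs."""
import re

# "***** [Dateien / Ordner] *****" - the number of asterisks varies per section.
SECTION_RE = re.compile(r"^\*+\s*\[(?P<name>[^\]]+)\]\s*\*+$")
# "<Kind> Gefunden : <target>", e.g. "Schlüssel Gefunden : HKLM\Software\..."
FINDING_RE = re.compile(r"^(?P<kind>[\w /]+?)\s+Gefunden\s*:\s*(?P<target>.+)$")
# Firefox pref lines: only the name is captured because AdwCleaner truncates
# long values with "[...]", so the closing ');' is often missing.
PREF_RE = re.compile(r'^Gefunden\s*:\s*user_pref\("(?P<name>[^"]+)"')

# Survivors that matter: injection and start-page overrides, not mere leftovers.
PERSISTENCE_HINTS = (
    ("AppInit_DLLs", "DLL loaded into every user32-linked process"),
    ("Browser Helper Objects", "Internet Explorer BHO"),
    ("Start Page", "Internet Explorer start page override"),
    ("user_pref browser.startup.homepage", "Firefox homepage override"),
)

def parse_log(text):
    """Return {section: set(findings)} for one AdwCleaner search log."""
    findings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            findings.setdefault(section, set())
            continue
        if section is None or not line or line.startswith("#"):
            continue  # "# ..." header lines and text before the first section
        if section == "Internet Browser":
            m = PREF_RE.match(line)
            if m:
                findings[section].add("user_pref " + m.group("name"))
            elif line.startswith("[") and "] =" in line:
                findings[section].add(line.split("] =", 1)[0][1:])  # key only
            continue
        m = FINDING_RE.match(line)
        if m:
            findings[section].add(m.group("target"))
        elif line.startswith("Gefunden :"):  # service names carry no kind
            findings[section].add(line.split(":", 1)[1].strip())
    return findings

def diff(before, after):
    """Return (removed, surviving): findings gone in the later run, and those kept."""
    gone, kept = {}, {}
    for section, items in before.items():
        later = after.get(section, set())
        if items - later:
            gone[section] = items - later
        if items & later:
            kept[section] = items & later
    return gone, kept

def flag_persistence(findings):
    """Return (section, finding, why) for every finding matching PERSISTENCE_HINTS."""
    hits = []
    for section, items in findings.items():
        for item in sorted(items):
            for needle, why in PERSISTENCE_HINTS:
                if needle in item:
                    hits.append((section, item, why))
    return hits

# Constructed excerpts of the R1 and R2 logs posted in this thread.
R1_LOG = r"""**** [Dienste] ****
Gefunden : Browser Manager
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gefunden : C:\Program Files\Claro LTD
***** [Registrierungsdatenbank] *****
Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
Schlüssel Gefunden : HKLM\Software\Claro LTD
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
***** [Internet Browser] *****
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=117423
Gefunden : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP[...]
"""
R2_LOG = r"""**** [Dienste] ****
Gefunden : Browser Manager
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
***** [Registrierungsdatenbank] *****
Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
***** [Internet Browser] *****
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=117423
Gefunden : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP[...]
"""
if __name__ == "__main__":
    gone, kept = diff(parse_log(R1_LOG), parse_log(R2_LOG))
    print("removed by the uninstall:", {s: len(i) for s, i in gone.items()})
    for section, item, why in flag_persistence(kept):
        print(f"STILL PRESENT [{section}] {why}: {item}")
```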
         

19.11.2012, 20:38   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click on Löschen (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt (x = sequential number).

Then please do a check with OTL:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box Scan all users at the top center
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

19.11.2012, 21:14   #9
HAK

Now, for the first time, I have seen google as the start page again.

Here are the logs:


1. AdwCleaner:


Code:
# AdwCleaner v2.008 - Datei am 19/11/2012 um 21:44:13 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Browser Manager

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\searchplugins\browsemngr.xml
Gelöscht mit Neustart : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\Program Files\Common Files\spigot
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\***\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Ordner Gelöscht : C:\Users\***\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKU\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f --> hxxp://www.google.com
Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.selectedEngine", "Claro Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117423&tt=461[...]
Gelöscht : user_pref("extensions.claro.admin", false);
Gelöscht : user_pref("extensions.claro.aflt", "babsst");
Gelöscht : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gelöscht : user_pref("extensions.claro.dfltLng", "en");
Gelöscht : user_pref("extensions.claro.excTlbr", false);
Gelöscht : user_pref("extensions.claro.id", "a4df80400000000000000626b69b035f");
Gelöscht : user_pref("extensions.claro.instlDay", "15659");
Gelöscht : user_pref("extensions.claro.instlRef", "sst");
Gelöscht : user_pref("extensions.claro.prdct", "claro");
Gelöscht : user_pref("extensions.claro.prtnrId", "claro");
Gelöscht : user_pref("extensions.claro.tlbrId", "claro");
Gelöscht : user_pref("extensions.claro.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.claro.vrsn", "1.8.3.10");
Gelöscht : user_pref("extensions.claro.vrsni", "1.8.3.10");
Gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1014:02:56");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");

*************************

AdwCleaner[R1].txt - [13813 octets] - [19/11/2012 20:28:04]
AdwCleaner[R2].txt - [5940 octets] - [19/11/2012 20:58:36]
AdwCleaner[S1].txt - [5769 octets] - [19/11/2012 21:44:13]

########## EOF - C:\AdwCleaner[S1].txt - [5829 octets] ##########
         

2. OTL

Here I have a German version, but I think I translated the English instructions quite well.

2.1 OTL Logfile

OTL Logfile:
Code:
OTL logfile created on: 19.11.2012 21:53:01 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 58,76% Memory free
5,99 Gb Paging File | 4,67 Gb Available in Paging File | 78,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 101,88 Gb Total Space | 45,72 Gb Free Space | 44,88% Space Free | Partition Type: NTFS
Drive D: | 181,12 Gb Total Space | 5,10 Gb Free Space | 2,82% Space Free | Partition Type: NTFS
Drive J: | 4,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\phonostar-Player\phonostarTimer.exe ()
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe ()
PRC - C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe ()
PRC - C:\Windows\System32\lxeccoms.exe ( )
PRC - C:\Windows\System32\spool\drivers\w32x86\3\lxecserv.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Windows\vsnpstd3.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
MOD - C:\Program Files\phonostar-Player\phonostarTimer.exe ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe ()
MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
MOD - C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe ()
MOD - C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll ()
MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\Epwizard.DLL ()
MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\customui.dll ()
MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\Epfunct.DLL ()
MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\Eputil.DLL ()
MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\Imagutil.DLL ()
MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\lxecDRS.dll ()
MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\lxecscw.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Logitech\SetPoint\khalwrapper.dll ()
MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\EPOEMDll.dll ()
MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\epstring.dll ()
MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\EPWizRes.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\lxecdatr.dll ()
MOD - C:\Windows\System32\LXECsmr.dll ()
MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\iptk.dll ()
MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\lxeccaps.dll ()
MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\lxecptp.dll ()
MOD - C:\Windows\System32\LXECsm.dll ()
MOD - C:\Windows\vsnpstd3.exe ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MemeoBackgroundService) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (wxpSvc) -- C:\Program Files\wLite\wService.exe (Moonware Studios)
SRV - (lxec_device) -- C:\Windows\System32\lxeccoms.exe ( )
SRV - (lxecCATSCustConnectService) -- C:\windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe ()
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..\SearchScopes\{1DEEDA9F-57A9-4803-A3C2-D3862316CA3C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=765E4CF7-9C1D-4C18-A593-118EE2FFDE16&apn_sauid=713E6AC3-50A2-4D8A-97AE-AF952FF3477D
IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..\SearchScopes\{EF333FFC-B473-4DD7-8C36-56DD3B14D627}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\phonostar-Player\npphonostarDetectNP.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 20:18:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 20:18:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 20:18:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 20:18:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.29 21:14:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.29 21:14:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 20:18:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 20:18:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.29 21:14:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.29 21:14:47 | 000,000,000 | ---D | M]
 
[2010.01.12 18:43:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.01.12 18:43:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.19 20:47:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\q0wdlyrj.default\extensions
[2012.10.11 21:59:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\q0wdlyrj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.29 20:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.796.11\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION
[2012.10.29 20:18:45 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.26 09:48:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.12 09:59:34 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.26 09:48:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.26 09:48:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.26 09:48:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.26 09:48:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [lxecmon.exe] C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKU\S-1-5-21-771618654-3341757510-301361698-1001..\Run: [Facebook Update] C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-771618654-3341757510-301361698-1001..\Run: [phonostar-PlayerTimer] C:\Program Files\phonostar-Player\phonostarTimer.exe ()
O4 - HKU\S-1-5-21-771618654-3341757510-301361698-1001..\Run: [phonostarTimer] C:\Program Files\phonostar-Player\phonostarTimer.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-771618654-3341757510-301361698-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 10.6.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0DAA513-F05A-479B-9049-8F50547CF3D3}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D24FC75C-5E3A-4CD8-BCAC-AF5D2F431E78}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.04.09 07:20:38 | 000,000,055 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5a47c95e-af19-11e0-b834-00245423fdbc}\Shell - "" = AutoRun
O33 - MountPoints2\{5a47c95e-af19-11e0-b834-00245423fdbc}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{cd314f57-5bf7-11e1-ba49-00245423fdbc}\Shell - "" = AutoRun
O33 - MountPoints2\{cd314f57-5bf7-11e1-ba49-00245423fdbc}\Shell\AutoRun\command - "" = J:\SecureDrive.exe -- [2011.06.29 10:01:40 | 004,537,856 | R--- | M] ()
O33 - MountPoints2\{eb6434e1-3e87-11df-808e-00245423fdbc}\Shell - "" = AutoRun
O33 - MountPoints2\{eb6434e1-3e87-11df-808e-00245423fdbc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SecureDrive.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.18 20:26:26 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2012.11.18 19:56:54 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2012.11.17 21:26:12 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\WdfLdr.sys
[2012.11.17 21:26:12 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wdfres.dll
[2012.11.17 21:25:21 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll
[2012.11.17 21:25:21 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll
[2012.11.17 21:25:21 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll
[2012.11.17 21:24:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012.11.17 21:24:52 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012.11.17 21:24:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012.11.17 21:24:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012.11.17 21:24:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012.11.17 21:24:51 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012.11.17 21:24:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012.11.17 21:24:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012.11.16 19:50:05 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcorehc.dll
[2012.11.16 19:50:05 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncsi.dll
[2012.11.16 19:50:04 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netevent.dll
[2012.11.16 19:49:59 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\synceng.dll
[2012.11.16 19:49:57 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012.11.16 19:49:56 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpcore6.dll
[2012.11.16 19:49:56 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpcsvc6.dll
[2012.11.15 21:20:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.15 14:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.11.15 08:22:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2012.11.15 08:16:33 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2012.11.15 08:16:33 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2012.11.15 08:16:33 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2012.11.15 08:16:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012.11.15 08:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.10.29 21:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.10.29 20:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.19 21:54:05 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.19 21:54:05 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.19 21:46:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.11.19 21:46:15 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.19 21:15:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.11.19 21:06:05 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001UA.job
[2012.11.19 21:06:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001Core.job
[2012.11.19 20:27:28 | 000,543,531 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.11.18 20:26:55 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2012.11.18 20:23:15 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat
[2012.11.18 19:57:21 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2012.11.17 21:38:11 | 000,427,112 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.11.17 21:32:32 | 000,659,238 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.11.17 21:32:32 | 000,620,384 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.11.17 21:32:32 | 000,132,776 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.11.17 21:32:32 | 000,108,566 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.11.15 21:46:37 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\ykcz9hv8.exe
[2012.11.15 21:20:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.15 21:18:12 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.11.15 21:16:43 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.11.15 15:41:23 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2012.11.15 15:41:23 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2012.11.15 15:41:23 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2012.11.15 08:16:40 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.14 13:41:09 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012.11.14 13:41:09 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012.11.14 12:17:49 | 000,488,268 | ---- | M] () -- C:\Users\***\Documents\14-11-2012 12;17;49.PDF
[2012.11.14 12:10:14 | 000,491,552 | ---- | M] () -- C:\Users\***\Documents\14-11-2012 12;10;13.PDF
[2012.11.12 19:59:14 | 000,077,271 | ---- | M] () -- C:\Users\***\Documents\12-11-2012 19;59;05.RTF
[2012.11.12 19:39:22 | 000,012,887 | ---- | M] () -- C:\Users\***\Documents\12-11-2012 19;39;14.RTF
[2012.11.12 19:20:14 | 000,012,731 | ---- | M] () -- C:\Users\***\Documents\12-11-2012 19;19;58.RTF
[2012.11.05 20:53:55 | 000,011,731 | ---- | M] () -- C:\Users\***\Documents\05-11-2012 20;53;49.RTF
[2012.11.05 19:51:03 | 000,013,013 | ---- | M] () -- C:\Users\***\Documents\05-11-2012 19;50;54.RTF
[2012.11.05 19:50:03 | 000,010,947 | ---- | M] () -- C:\Users\***\Documents\05-11-2012 19;49;54.RTF
[2012.11.02 18:25:09 | 000,011,100 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 18;25;02.RTF
[2012.11.02 18:16:12 | 000,013,085 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 18;16;05.RTF
[2012.11.02 17:55:57 | 000,012,927 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;55;50.RTF
[2012.11.02 17:44:52 | 002,276,311 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;44;28.RTF
[2012.11.02 17:43:45 | 000,010,437 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;43;38.RTF
[2012.11.02 17:39:10 | 003,894,087 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;38;45.RTF
[2012.11.01 21:28:40 | 003,800,188 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;28;16.RTF
[2012.11.01 21:25:12 | 000,009,125 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;24;52.RTF
[2012.11.01 21:21:47 | 002,121,180 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;21;41.RTF
[2012.11.01 21:19:46 | 003,388,506 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;18;59.RTF
[2012.10.21 09:52:50 | 000,015,522 | ---- | M] () -- C:\Users\***\Documents\21-10-2012 10;52;39.RTF
 
========== Files Created - No Company Name ==========
 
[2012.11.19 20:27:28 | 000,543,531 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.11.18 20:23:15 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat
[2012.11.17 21:26:13 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.17 21:25:21 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.15 21:46:37 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\ykcz9hv8.exe
[2012.11.15 21:18:12 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.11.15 21:16:43 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.11.15 08:16:40 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.14 12:17:49 | 000,488,268 | ---- | C] () -- C:\Users\***\Documents\14-11-2012 12;17;49.PDF
[2012.11.14 12:10:13 | 000,491,552 | ---- | C] () -- C:\Users\***\Documents\14-11-2012 12;10;13.PDF
[2012.11.12 19:59:13 | 000,077,271 | ---- | C] () -- C:\Users\***\Documents\12-11-2012 19;59;05.RTF
[2012.11.12 19:39:21 | 000,012,887 | ---- | C] () -- C:\Users\***\Documents\12-11-2012 19;39;14.RTF
[2012.11.12 19:20:14 | 000,012,731 | ---- | C] () -- C:\Users\***\Documents\12-11-2012 19;19;58.RTF
[2012.11.05 20:53:55 | 000,011,731 | ---- | C] () -- C:\Users\***\Documents\05-11-2012 20;53;49.RTF
[2012.11.05 19:51:02 | 000,013,013 | ---- | C] () -- C:\Users\***\Documents\05-11-2012 19;50;54.RTF
[2012.11.05 19:50:02 | 000,010,947 | ---- | C] () -- C:\Users\***\Documents\05-11-2012 19;49;54.RTF
[2012.11.02 18:25:08 | 000,011,100 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 18;25;02.RTF
[2012.11.02 18:16:11 | 000,013,085 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 18;16;05.RTF
[2012.11.02 17:55:56 | 000,012,927 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;55;50.RTF
[2012.11.02 17:44:51 | 002,276,311 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;44;28.RTF
[2012.11.02 17:43:44 | 000,010,437 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;43;38.RTF
[2012.11.02 17:39:09 | 003,894,087 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;38;45.RTF
[2012.11.01 21:28:39 | 003,800,188 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;28;16.RTF
[2012.11.01 21:25:12 | 000,009,125 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;24;52.RTF
[2012.11.01 21:21:47 | 002,121,180 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;21;41.RTF
[2012.11.01 21:19:46 | 003,388,506 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;18;59.RTF
[2012.10.21 09:52:50 | 000,015,522 | ---- | C] () -- C:\Users\***\Documents\21-10-2012 10;52;39.RTF
[2011.10.19 10:23:53 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.01 17:09:34 | 000,040,960 | ---- | C] () -- C:\windows\System32\lxecvs.dll
[2011.10.01 17:09:32 | 000,442,368 | ---- | C] ( ) -- C:\windows\System32\lxeccoin.dll
[2011.10.01 17:09:30 | 000,294,912 | ---- | C] () -- C:\windows\System32\lxeccui.dll
[2011.10.01 17:09:30 | 000,110,592 | ---- | C] () -- C:\windows\System32\lxeccuir.dll
[2011.10.01 17:09:30 | 000,086,016 | ---- | C] () -- C:\windows\System32\lxecgcfg.dll
[2011.10.01 17:07:56 | 000,847,872 | ---- | C] ( ) -- C:\windows\System32\lxecusb1.dll
[2011.10.01 17:07:56 | 000,364,544 | ---- | C] ( ) -- C:\windows\System32\lxecinpa.dll
[2011.10.01 17:07:56 | 000,356,352 | ---- | C] ( ) -- C:\windows\System32\LXEChcp.dll
[2011.10.01 17:07:56 | 000,344,064 | ---- | C] ( ) -- C:\windows\System32\lxeciesc.dll
[2011.10.01 17:07:56 | 000,331,776 | ---- | C] () -- C:\windows\System32\LXECinst.dll
[2011.10.01 17:07:55 | 001,048,576 | ---- | C] ( ) -- C:\windows\System32\lxecserv.dll
[2011.10.01 17:07:55 | 000,802,816 | ---- | C] ( ) -- C:\windows\System32\lxeccomc.dll
[2011.10.01 17:07:55 | 000,688,128 | ---- | C] ( ) -- C:\windows\System32\lxechbn3.dll
[2011.10.01 17:07:55 | 000,643,072 | ---- | C] ( ) -- C:\windows\System32\lxecpmui.dll
[2011.10.01 17:07:55 | 000,598,696 | ---- | C] ( ) -- C:\windows\System32\lxeccoms.exe
[2011.10.01 17:07:55 | 000,577,536 | ---- | C] ( ) -- C:\windows\System32\lxeclmpm.dll
[2011.10.01 17:07:55 | 000,373,416 | ---- | C] ( ) -- C:\windows\System32\lxeccfg.exe
[2011.10.01 17:07:55 | 000,372,736 | ---- | C] ( ) -- C:\windows\System32\lxeccomm.dll
[2011.10.01 17:07:55 | 000,324,264 | ---- | C] ( ) -- C:\windows\System32\lxecih.exe
[2011.10.01 17:07:55 | 000,323,584 | ---- | C] () -- C:\windows\System32\lxecins.dll
[2011.10.01 17:07:55 | 000,262,144 | ---- | C] () -- C:\windows\System32\lxecinsb.dll
[2011.10.01 17:07:55 | 000,253,952 | ---- | C] () -- C:\windows\System32\lxeccu.dll
[2011.10.01 17:07:55 | 000,208,896 | ---- | C] () -- C:\windows\System32\lxecgrd.dll
[2011.10.01 17:07:55 | 000,114,688 | ---- | C] () -- C:\windows\System32\lxecinsr.dll
[2011.10.01 17:07:55 | 000,090,112 | ---- | C] () -- C:\windows\System32\lxeccub.dll
[2011.10.01 17:07:55 | 000,057,344 | ---- | C] () -- C:\windows\System32\lxecjswr.dll
[2011.10.01 17:07:55 | 000,036,864 | ---- | C] () -- C:\windows\System32\lxeccur.dll
[2011.10.01 17:04:32 | 000,299,008 | ---- | C] () -- C:\windows\System32\LXECsm.dll
[2011.10.01 17:04:32 | 000,024,064 | ---- | C] () -- C:\windows\System32\LXECsmr.dll
[2011.06.29 13:32:17 | 000,000,760 | ---- | C] () -- C:\Users\***\AppData\Roaming\setup_ldm.iss
[2011.06.22 21:12:34 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll
[2011.06.22 20:51:38 | 000,001,469 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml
[2011.06.07 11:45:01 | 000,002,120 | ---- | C] () -- C:\windows\System32\SETUP.INI
[2010.01.07 20:31:49 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

2.2 OTL Extras Logfile


OTL Logfile:
Code:
OTL Extras logfile created on: 19.11.2012 21:53:01 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 58,76% Memory free
5,99 Gb Paging File | 4,67 Gb Available in Paging File | 78,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 101,88 Gb Total Space | 45,72 Gb Free Space | 44,88% Space Free | Partition Type: NTFS
Drive D: | 181,12 Gb Total Space | 5,10 Gb Free Space | 2,82% Space Free | Partition Type: NTFS
Drive J: | 4,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EEC0D59-EE68-490B-B5DE-2FBAA34F4329}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2FB7862C-6C98-4BBD-9AFF-C5C047FAA327}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4A2058DD-9FA3-4C83-B05A-000748332063}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4F70DB99-C82E-4BA8-AF04-61E30C72B4CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{609B6FAB-8908-4E32-A36B-A3DC83FF685F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6D370C8F-9804-4F4E-A782-7F8EFB77C770}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{73D49BD8-61B5-47A5-B53F-53F16E463663}" = lport=445 | protocol=6 | dir=in | app=system | 
"{73DB40F1-BF3D-4AD7-84DE-75A9B2808600}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7A1EE899-841F-468F-B577-E44F186E64B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8F69250C-6C1E-4560-ABB0-68D7ACE6BB8C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{96B22D44-6677-4BA7-B9CA-D08054109C83}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9D8E3A18-BDB1-4118-934D-975CC2ED249C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AD56E941-D9EB-4263-A82D-EA1E1C63F8D7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B0CE2BC6-5C9D-4420-9515-2200C3D418EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B2DE2049-2329-4B85-B51B-7980D5CA1DCC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B924F32F-BF92-4E1E-A16E-7929B96F1AD1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C6BE51F3-16B3-4CFE-B493-2ABBD70B0C08}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D9F5E18E-3A25-4FFB-97AC-0AC94BE2FE25}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DAA7E269-7266-49FE-9099-A3FC621C2E97}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DB840EBA-0C5B-4E03-B88E-E8F780753286}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E271FB7B-B146-43AA-9CF5-5756D6FBB90C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{EEBD75F7-8819-42B0-9422-E8A355E39A14}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EF3259D3-9794-47D6-A342-86078E32FC8E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F9D36D89-1BBB-46D7-A0EB-5358719976F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08DE69FC-A6AF-415C-A61F-D49D36E7D8F6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{12C99DA2-3111-4ABF-A1EB-199A1FD20101}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{14DF5C51-04C8-4256-90A8-0AB520250722}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{1936BFB2-4704-4685-AA1B-BB717D2C8E64}" = protocol=17 | dir=in | app=c:\program files\wlite\wservice.exe | 
"{19E4BA90-6E26-4AF3-86EB-4FDBCB685AD6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1D4AF9BF-5D2E-4D6F-B3B6-0FEA7280B105}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{207EAB51-8D11-458F-9BF1-8AC49E2E760F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2666C3F1-AE28-4509-A95C-3A87DE959A14}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2721157E-68D7-48ED-B28B-EA910D30AFFC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{28CF7431-403B-4865-938B-D1AE8553321D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3508FCE9-7864-42F6-907F-4BA9A513FD3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{350B17B8-BF7E-49ED-9C89-F190EC3BFFCF}" = protocol=6 | dir=in | app=c:\program files\wlite\wlite.exe | 
"{367D5E63-1CB5-4FC1-A4A6-046A7722CD73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{36A10E2B-2606-4D53-94CD-94996C6DB0F2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{36FD5AB5-3973-4292-A463-5500BE73836F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{3B61486F-DFD3-4469-980B-6906BAB7A5F6}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{42D4C7F4-5914-4106-8284-4E70D05CEA98}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{443055EF-18FC-4A93-AA08-ACE95BEA00CE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{63BF550D-54CB-49E1-9921-8EAF06AF7E4D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6E046D76-0D85-4AE1-8D60-36F49A3BC82B}" = protocol=17 | dir=in | app=c:\program files\wlite\wlite.exe | 
"{70D81061-1455-41A6-8524-0CF8E0C8DB89}" = dir=in | app=c:\users\***\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{71CEB397-329A-4F72-89C6-1F939A52B0C4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7BB3BD07-67BC-461D-849D-250E5894BF4F}" = protocol=17 | dir=in | app=c:\program files\fritz!\fritz!fax\igd_finder.exe | 
"{928AC0A3-7023-4BBD-A396-3941BB9FEE1A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{93F6B310-8D29-434F-9702-54454B9A11B8}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{9D2EF16F-6E1C-433C-9781-54BECA6FF2E0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BF7BE449-B839-4EA1-A31A-C9E58C68C54C}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{C7CEF5FD-6F9F-4585-9AB8-F751FAFF88C6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D620E2D0-DBF2-4AA0-9818-72B56DCF6175}" = protocol=6 | dir=in | app=c:\program files\fritz!\fritz!fax\igd_finder.exe | 
"{DC9497AF-D9F2-431F-BB84-024BCBB808DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DDF88DB5-E463-42A0-A117-12733B88522E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F284212B-6A57-49DF-BD7D-5D6785FB53FC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F30E5905-5E68-435F-AC44-19FADA8A7EB2}" = protocol=6 | dir=in | app=c:\program files\wlite\wservice.exe | 
"{FB3D9E84-2957-405C-A04D-69188278874C}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{FDE96E9F-77C9-494F-8DE5-8F548F062055}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"TCP Query User{0B598442-2CC7-4120-AFD5-EDC756481767}C:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe | 
"TCP Query User{0E501B6A-AE58-4B2B-9276-19543BFBF66D}C:\program files\medion\medion nas tool\medion nas tool.exe" = protocol=6 | dir=in | app=c:\program files\medion\medion nas tool\medion nas tool.exe | 
"TCP Query User{283D0D29-309B-4B79-9DD8-4BD21C9CB0B5}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | 
"TCP Query User{2DBA5005-5A7A-415B-8E2B-70FFFF3360AF}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{499F367C-E9BF-48DC-A4B3-1E4EAD3131A7}C:\program files\chilirec\chilirec.exe" = protocol=6 | dir=in | app=c:\program files\chilirec\chilirec.exe | 
"TCP Query User{5DF4AFF1-995C-4775-B94D-597740B954A7}C:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"TCP Query User{ABDBB55D-A19E-4532-9899-633F25AB64A5}C:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | 
"TCP Query User{D68012C9-15EB-450C-B212-2A995FE84A80}C:\program files\fritz!\fritz!fax\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\fritz!fax\frifax32.exe | 
"TCP Query User{FB188029-B7FB-42DE-959C-A6257A947D53}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | 
"UDP Query User{093ACB9C-DB16-4400-9061-8CC6032C0334}C:\program files\fritz!\fritz!fax\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\fritz!fax\frifax32.exe | 
"UDP Query User{4BD994BB-BD0F-4762-B669-3407C2EF4215}C:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"UDP Query User{6912860E-C822-4175-A7CF-CDFB4502AE45}C:\program files\medion\medion nas tool\medion nas tool.exe" = protocol=17 | dir=in | app=c:\program files\medion\medion nas tool\medion nas tool.exe | 
"UDP Query User{7BE9F434-7D5E-499A-89E8-A3D967989370}C:\program files\chilirec\chilirec.exe" = protocol=17 | dir=in | app=c:\program files\chilirec\chilirec.exe | 
"UDP Query User{85EDF902-D984-42BC-AD30-8FCADCF4D75B}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | 
"UDP Query User{C9053275-24C8-490B-94B9-B734A13FF943}C:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe | 
"UDP Query User{DB073AB2-B109-4407-A112-10B2265C8BDF}C:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | 
"UDP Query User{E5B68BA6-8777-47FF-B482-C5AC0F2BD632}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{E6632EE3-ACBC-40F1-B6F2-69DAE663D858}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BE78E98-3600-4830-B41A-D7BEB828D2CB}_is1" = RGS Schulzeugnis 5
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8FBC9407-713D-4B8A-98D2-57210DA56049}" = MSN Toolbar
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"FileZilla Client" = FileZilla Client 3.5.3
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.26.1005
"Free Sound Recorder_is1" = Free Sound Recorder v9.4.1
"Free Studio_is1" = Free Studio version 5.7.5.1005
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"MEDION NAS TOOL" = MEDION NAS TOOL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"NVIDIA Drivers" = NVIDIA Drivers
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.6
"Sweet Home 3D_is1" = Sweet Home 3D version 2.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.10.2012 19:27:32 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0
Description = 
 
Error - 21.10.2012 04:50:41 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0
Description = 
 
Error - 21.10.2012 05:43:06 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.10.2012 05:43:44 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.10.2012 08:07:18 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.10.2012 08:07:47 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.10.2012 15:48:12 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.10.2012 15:48:37 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.10.2012 13:45:06 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.10.2012 13:45:35 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 01.11.2012 07:04:33 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 01.11.2012 07:05:04 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.11.2012 09:37:14 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0
Description = 
 
[ OSession Events ]
Error - 08.05.2011 14:45:25 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 29.06.2011 08:20:04 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 29.06.2011 08:20:31 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 16.08.2011 14:07:51 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.11.2012 14:37:31 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use NBTSTAT -n at the command prompt to determine the duplicate name.

Error - 18.11.2012 15:13:32 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use NBTSTAT -n at the command prompt to determine the duplicate name.

Error - 18.11.2012 15:37:33 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use NBTSTAT -n at the command prompt to determine the duplicate name.

Error - 18.11.2012 16:01:35 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use NBTSTAT -n at the command prompt to determine the duplicate name.

Error - 19.11.2012 14:41:37 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = The "SQL Server VSS Writer" service terminated unexpectedly. This has happened 1 time(s).

Error - 19.11.2012 16:44:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = The "Browser Manager" service terminated unexpectedly. This has already happened 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error - 19.11.2012 16:46:47 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = The "SQL Server VSS Writer" service terminated unexpectedly. This has happened 1 time(s).

Error - 19.11.2012 16:48:46 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use NBTSTAT -n at the command prompt to determine the duplicate name.

Error - 19.11.2012 16:48:49 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use NBTSTAT -n at the command prompt to determine the duplicate name.

Error - 19.11.2012 16:51:35 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use NBTSTAT -n at the command prompt to determine the duplicate name.


< End of report >

Post #10 | cosinus | 20.11.2012, 08:47

Close all programs that may be open, also disable the antivirus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:
:OTL
IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..\SearchScopes\{1DEEDA9F-57A9-4803-A3C2-D3862316CA3C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=765E4CF7-9C1D-4C18-A593-118EE2FFDE16&apn_sauid=713E6AC3-50A2-4D8A-97AE-AF952FF3477D
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
[2010.01.07 20:31:49 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely, as a safety measure; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, because it can permanently damage the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!
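The OTL script above deletes one Internet Explorer search scope, two entries from the Firefox prefs.js and a loose executable, and resets the hosts file. Before a fix like that is run it helps to see, read-only, what a hijacked prefs.js looks like. The following Python script is an added example, not part of the post and not code from OTL: it parses a prefs.js, reports navigation preferences that point at a suspect domain and lists force-enabled add-ons, and modifies nothing. The list of suspect domains, the sample prefs.js content, its two URLs and the third add-on ID are constructed for the demonstration; the first two add-on IDs are the ones the fix above removed.

```python
"""Read-only audit of a Firefox prefs.js for search / homepage hijack indicators.

Added example, not code from the post or from OTL.  Nothing is modified: the
script only reports which preferences point at a suspect domain and which
add-ons are force-enabled, so the result can be compared with a fix script
before that script is run.
"""
import re
from typing import Dict, List

# Matches one   user_pref("name", value);   line; value may be quoted or bare.
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Preferences that search hijackers typically rewrite.
NAVIGATION_PREFS = (
    "browser.startup.homepage",
    "keyword.URL",
    "browser.search.defaulturl",
    "browser.newtab.url",
)

# Assumption: domain fragments treated as hijack indicators in this example.
SUSPECT_DOMAINS = ("claro", "ask.com", "mybrowserbar.com", "spigot.com")


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {pref_name: value} for every user_pref() line; string quotes are stripped."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1]
        prefs[name] = raw
    return prefs


def audit_prefs(prefs: Dict[str, str]) -> List[str]:
    """Return one finding per suspicious entry; an empty list means nothing flagged."""
    findings: List[str] = []
    for name in NAVIGATION_PREFS:
        value = prefs.get(name)
        if value is None:
            continue
        hits = [d for d in SUSPECT_DOMAINS if d in value.lower()]
        if hits:
            findings.append(f"{name} points at {hits[0]}: {value}")
    # Firefox 3.x recorded enabled add-ons here as "id:version,id:version";
    # stale entries survive upgrades, and the OTL fix above removed two of them.
    for item in filter(None, prefs.get("extensions.enabledItems", "").split(",")):
        ext_id = item.split(":", 1)[0].lower()
        if any(d in ext_id for d in SUSPECT_DOMAINS):
            findings.append(f"extensions.enabledItems lists {item}")
    return findings


# Constructed sample prefs.js (not the poster's file).  The two URLs and the
# third add-on ID are invented; the first two add-on IDs are from the fix above.
SAMPLE_PREFS_JS = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://search.claro.com/?src=hp");
user_pref("browser.startup.page", 1);
user_pref("keyword.URL", "http://websearch.ask.com/redirect?client=ff&q=");
user_pref("extensions.enabledItems", "pdfforge@mybrowserbar.com:1.1.2,searchsettings@spigot.com:1.2.3,safe-addon@example.org:1.0");
user_pref("network.cookie.cookieBehavior", 0);
'''

if __name__ == "__main__":
    for finding in audit_prefs(parse_prefs(SAMPLE_PREFS_JS)):
        print("SUSPECT:", finding)
```

Run it against a real profile by reading prefs.js into `parse_prefs`; because it only reports, the output can be kept as a before/after record next to the fix log OTL writes.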

Post #11 | HAK | 20.11.2012, 19:18

Hello cosinus.

I ran the OTL fix with your instructions.

Here is the log:

Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1DEEDA9F-57A9-4803-A3C2-D3862316CA3C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DEEDA9F-57A9-4803-A3C2-D3862316CA3C}\ not found.
Prefs.js: pdfforge@mybrowserbar.com:1.1.2 removed from extensions.enabledItems
Prefs.js: searchsettings@spigot.com:1.2.3 removed from extensions.enabledItems
C:\ProgramData\FullRemove.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400707 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 19331635538 bytes
->Temporary Internet Files folder emptied: 202587119 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 888323984 bytes
->Flash cache emptied: 90167 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 183254446 bytes
RecycleBin emptied: 2736720335 bytes
 
Total Files Cleaned = 22.262,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11202012_200200

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Post #12 | cosinus | 20.11.2012, 20:02

Looks OK. We should be almost through. As a check, please run a quick scan with Malwarebytes; please remember to update Malwarebytes via the Update button beforehand.

Afterwards, getting a second opinion via the ESET Online Scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Post #13 | HAK | 21.11.2012, 21:59

That took a while! The ESET run took about 3.5 hours. But since I also had an external hard drive connected, that is probably fine.

All done; I do not dare to judge the result, but quite a few things were found.

Here are the logs:

1. Quick scan with Malwarebytes

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.21.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

21.11.2012 18:29:35
mbam-log-2012-11-21 (18-44-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210797
Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\***\Downloads\SoftonicDownloader_fuer_jetaudio.exe (PUP.OfferBundler.ST) -> No action taken.

(end)

2. ESET Online Scanner

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5ae12c59edfadd45887a5250495a65fe
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-21 09:26:34
# local_time=2012-11-21 10:26:34 (+0100, Central European Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 560493 560493 0 0
# compatibility_mode=5893 16776574 100 94 560482 105151872 0 0
# compatibility_mode=8192 67108863 100 0 4345 4345 0 0
# scanned=173165
# found=32
# cleaned=0
# scan_time=12513
C:\Users\***\Downloads\agsetup183se.exe	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\Downloads\PDFCreator-1_2_1_setup(1).exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\Downloads\PDFCreator-1_2_1_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\Downloads\PDFCreator-1_2_2_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\Downloads\PDFCreator-1_2_3_setup(1).exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\Downloads\PDFCreator-1_2_3_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\Downloads\SoftonicDownloader_fuer_jetaudio.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2010-01-15 135752\Backup Files 2010-02-11 204829\Backup files 1.zip	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2010-07-02 162721\Backup Files 2010-07-02 162721\Backup files 1.zip	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2010-12-02 154943\Backup Files 2010-12-02 154943\Backup files 1.zip	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2011-02-15 102250\Backup Files 2011-02-15 102250\Backup files 2.zip	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2011-07-03 183558\Backup Files 2011-07-03 183558\Backup files 3.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2011-07-03 183558\Backup Files 2011-07-03 183558\Backup files 4.zip	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2011-07-03 183558\Backup Files 2011-07-03 183558\Backup files 5.zip	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2011-07-03 183558\Backup Files 2011-08-01 202542\Backup files 4.zip	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2011-07-03 183558\Backup Files 2011-10-02 120024\Backup files 5.zip	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2011-11-01 190002\Backup Files 2011-11-01 190002\Backup files 11.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2011-11-01 190002\Backup Files 2011-11-01 190002\Backup files 13.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2011-11-01 190002\Backup Files 2011-12-01 201019\Backup files 8.zip	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2012-01-01 203240\Backup Files 2012-01-01 203240\Backup files 3.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2012-01-01 203240\Backup Files 2012-01-01 203240\Backup files 5.zip	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2012-01-01 203240\Backup Files 2012-01-01 203240\Backup files 6.zip	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2012-04-01 215617\Backup Files 2012-05-01 194648\Backup files 2.zip	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2012-04-01 215617\Backup Files 2012-05-01 194648\Backup files 3.zip	a variant of Win32/InstallCore.D application (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2012-04-01 215617\Backup Files 2012-05-01 194648\Backup files 4.zip	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2012-04-01 215617\Backup Files 2012-05-01 194648\Backup files 5.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2012-08-02 103754\Backup Files 2012-08-02 103754\Backup files 4.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2012-08-02 103754\Backup Files 2012-08-02 103754\Backup files 5.zip	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2012-08-02 103754\Backup Files 2012-08-02 103754\Backup files 6.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2012-11-01 195118\Backup Files 2012-11-01 195118\Backup files 10.zip	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2012-11-01 195118\Backup Files 2012-11-01 195118\Backup files 7.zip	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
D:\***-PC\Backup Set 2012-11-01 195118\Backup Files 2012-11-01 195118\Backup files 9.zip	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I

Thank you &
Good night.

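The two scan logs above list findings by path only; what decides whether a hijacker is still active is where the hits live. The following Python script is an added example, not part of the thread and not code from the ESET or Malwarebytes tools: it parses finding lines in both log formats, sorts each hit into a bucket (an installer in a Downloads folder, a file inside a backup archive, or a live location such as a program folder or a profile) and summarizes by bucket and by detection name. The sample lines are constructed after the posted logs with the user name replaced; the last line and its detection name Win32/Toolbar.Example are invented so that the live bucket is exercised.

```python
"""Triage of on-demand scanner findings by location.

Added example, not part of the thread or of the ESET / Malwarebytes tools.
Parses finding lines from both log formats and sorts each hit into a bucket:
  downloaded_installer  - file sitting in a Downloads folder
  backup_archive        - inside a backup set / .zip
  live                  - anywhere else (program folder, profile, startup path)
Only "live" hits indicate something that may still run.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    path: str
    detection: str
    bucket: str


# ESET log line:   <path>\t<detection>[ (unable to clean)]\t<hash>\t<flag>
_ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^\t]+)\t(?P<det>[^\t]+?)(?: \(unable to clean\))?\t"
)
# Malwarebytes file line:   <path> (<detection>) -> <action>
_MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<det>[^)]+)\) -> ")


def classify(path: str) -> str:
    """Bucket a path; backup archives win over Downloads, everything else is live."""
    lowered = path.lower()
    if "\\backup set " in lowered or lowered.endswith(".zip"):
        return "backup_archive"
    if "\\downloads\\" in lowered:
        return "downloaded_installer"
    return "live"


def parse_findings(log_text: str) -> List[Finding]:
    """Extract findings from mixed ESET / Malwarebytes log text; other lines are ignored."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = _ESET_RE.match(line) or _MBAM_RE.match(line)
        if m:
            findings.append(Finding(m["path"], m["det"], classify(m["path"])))
    return findings


def live_hits(findings: List[Finding]) -> List[Finding]:
    """The subset that deserves attention: hits outside Downloads and backups."""
    return [f for f in findings if f.bucket == "live"]


def summarize(findings: List[Finding]) -> Dict[str, Counter]:
    """Counts per bucket and per detection name."""
    return {
        "bucket": Counter(f.bucket for f in findings),
        "detection": Counter(f.detection for f in findings),
    }


# Constructed sample, modelled on the posted logs ("***" replaced by "user").
# The last line and its detection name are invented to exercise the live bucket.
SAMPLE_LOG = "\n".join([
    "# scanned=173165",
    "# found=32",
    "C:\\Users\\user\\Downloads\\PDFCreator-1_2_3_setup.exe\tWin32/Toolbar.Widgi application (unable to clean)\t00000000000000000000000000000000\tI",
    "C:\\Users\\user\\Downloads\\SoftonicDownloader_fuer_jetaudio.exe\ta variant of Win32/SoftonicDownloader.A application (unable to clean)\t00000000000000000000000000000000\tI",
    "D:\\user-PC\\Backup Set 2012-11-01 195118\\Backup Files 2012-11-01 195118\\Backup files 7.zip\ta variant of Win32/Adware.ADON application (unable to clean)\t00000000000000000000000000000000\tI",
    "C:\\Users\\user\\Downloads\\SoftonicDownloader_fuer_jetaudio.exe (PUP.OfferBundler.ST) -> No action taken.",
    "C:\\Program Files (x86)\\SomeToolbar\\toolbar.dll\tWin32/Toolbar.Example application\t00000000000000000000000000000000\tI",
])

if __name__ == "__main__":
    found = parse_findings(SAMPLE_LOG)
    print(summarize(found)["bucket"])
    for hit in live_hits(found):
        print("LIVE:", hit.path, "->", hit.detection)
```

On the posted logs every hit would land in the first two buckets, which is the shape of result that lets a helper judge the installers and backup archives as noise while still catching anything that runs from a live path.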
Post #14 | cosinus | 22.11.2012, 11:57

Code:
C:\Users\***\Downloads\SoftonicDownloader_fuer_jetaudio.exe

Junk-laden software from Softonic seems to be very much in fashion right now!

Hands off Softonic!!

Softonic is a toolbar and adware slinger! Hands off! Software is downloaded, as a top priority, directly from the vendor or from Filepony, but not from toolbar shops like Softonic!

Looks OK so far; the ESET findings can be disregarded, that is rather hysterical because the setup files were flagged, as they can install toolbars along with the program.

Regarding cookies and other things on the web: to block the pest in advance (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie)

Apart from that there are good cookie managers, extensions for Firefox, e.g. CookieCuller
If you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there other findings or problems?
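The MVPS hosts file recommended above works by mapping ad and tracking hosts to 0.0.0.0 (or 127.0.0.1); a hijacked hosts file does the opposite and maps legitimate names to an attacker's address, which is why the OTL fix earlier in the thread ran [resethosts]. The following Python script is an added example, not from the post and not from the MVPS project: it parses a hosts file and separates blocking entries from redirections, so a freshly downloaded block list, or the current hosts file, can be checked for unwanted redirects before it is installed or trusted. The sample hosts content, including the 203.0.113.7 address and the redirected names, is constructed.

```python
"""Audit a hosts file: count blocklist entries, flag redirections.

Added example, not from the post or from the MVPS project.  A blocking entry
maps a hostname to 0.0.0.0 or a loopback address (what the MVPS hosts file
does to ad and tracking hosts); a redirection maps a hostname to any other
address, the pattern of a hijacked hosts file.
"""
import ipaddress
from typing import List, NamedTuple


class HostsEntry(NamedTuple):
    line_no: int
    address: str
    hostname: str
    kind: str  # "localhost" | "block" | "redirect"


# Names whose loopback mapping is expected, not a block-list entry.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def classify_entry(address: str, hostname: str) -> str:
    """Classify one address/hostname pair; address must already be a valid IP."""
    ip = ipaddress.ip_address(address)
    if hostname.lower() in LOCAL_NAMES:
        return "localhost"
    if ip.is_unspecified or ip.is_loopback:
        return "block"
    return "redirect"


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts-file text; one entry per hostname, comments and junk skipped."""
    entries: List[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()          # strip trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue
        address, *names = fields
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue                                   # not an address: ignore line
        for name in names:
            entries.append(HostsEntry(line_no, address, name, classify_entry(address, name)))
    return entries


def redirects(entries: List[HostsEntry]) -> List[HostsEntry]:
    """Entries that send a hostname somewhere other than nowhere/loopback."""
    return [e for e in entries if e.kind == "redirect"]


def block_count(entries: List[HostsEntry]) -> int:
    """Number of MVPS-style blocking entries."""
    return sum(1 for e in entries if e.kind == "block")


# Constructed sample: a small MVPS-style block list plus two hijacked entries.
# 203.0.113.7 is a documentation address; the redirected names are invented.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1  localhost
::1        localhost
0.0.0.0 ads.example.net
0.0.0.0 tracking.example.org        # blocked tracking host
0.0.0.0 banners.example.com
203.0.113.7 www.bank.example        # redirection, not a block
203.0.113.7 antivirus-update.example
"""

if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    print(f"{block_count(entries)} blocking entries")
    for e in redirects(entries):
        print(f"REDIRECT line {e.line_no}: {e.hostname} -> {e.address}")
```

A clean MVPS import should report zero redirections; any redirect on a machine that has just been cleaned of a search hijacker is worth a second look before the file is left in place.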

Post #15 | HAK | 22.11.2012, 15:43

First of all, many thanks, it seems to be running fine again.

The only other thing I have noticed:

In open windows that use a "transparent" band at the top or bottom, this band often flickers. I have noticed this in various programs: Thunderbird, Windows Photo Viewer and also the dialog for choosing a program to open files with.

At first I thought it was the notebook's monitor, but since it only appears in the bands mentioned, I now think it is not the hardware.

I may get in touch again from another PC. My father-in-law currently cannot receive emails with PDF attachments. I had that problem too, before you helped me.

Many thanks.
